Two senior officials at the Department of Health and the chairman of the conference have taken exception to the reporting in our 15 July issue of the conference organised by the British Computer Society's Health Informatics Committee and Assist, the Association for ICT Professionals in Health and Social Care, in Birmingham.
Head of patient and citizen relations, NHS Information Authority
As one of the people responsible for patient confidentiality policy in the NHS, I want to correct errors and misunderstandings in Tony Collins' article (Doctors express alarm at plans to store patient data without consent, 15 July). He spoke of "secret plans" to put health data into a "data spine" system. They are only secret insofar as they have been discussed at major conferences (NHS Confederation, Carers UK annual general meeting). Moreover, the data spine contents were decided in a series of discussions with clinicians and representatives of patient and citizen groups. They have also just been the subject of research with patients and the public conducted for us by the Consumers' Association. Not a definition of secrecy I would recognise!
Your author neglected to mention that at the British Computer Society meeting that prompted the article, it was announced that the supposedly secret Output Based Specification, which ran to many hundreds of pages, would soon be made public in a summary version. Many who attended the meeting were given access to the complete version beforehand and parts of it appeared in a Powerpoint presentation at the meeting.
The impression is given that a national database of patient identifiable information will be available without patients' consent. That is not the case. Identifiable "spine" records will not "go live" until each patient consents individually. We do, however, admit to ensuring that clinicians explain to patients the consequences of having and not having an identifiable "spine" record. We are guilty as charged of wanting patients to have informed consent.
The records of patients who do not consent to their "spine" record going live will be used for authorised planning and management of health services and for research that has ethical approval. Neither of these forms of access will reveal the identity of the patient. Planners and researchers will have permission only to extract limited data for the purpose of their analysis. No one will be able to see the full record except in rare circumstances, such as a medical emergency, and even then under extremely strict conditions which would generate live alerts. This kind of access is fully in accord with the Data Protection Act and is provided in the interest of patient care. This data will be held under very strong security appropriate to the risks involved, as is always the case in a good security design.
We must also admit to being honest with patients and the public about hackers. If the Pentagon is not safe from hackers, then we cannot give absolute guarantees either. We can, though, use state of the art protection and explain what measures we are taking to protect people's information. Our research with the public consistently suggests that while they have some concerns about security, their highest priority is good health information being available to them and those treating them.
Contrary to the impression given, the police will have no more access to patient records than now and probably less. A Confidentiality Code of Practice will be published in the autumn giving NHS staff clear instructions about when they must and must not give information to the police. And as was made very clear at the meeting, clerical staff will find it much more difficult to sell information to private detectives when electronic records greatly restrict their access to clinical details in patient records. Another thing the author neglected to include.
You also report elsewhere that some clinicians are concerned that the measures to protect patient confidentiality might be too rigorous. It seems we cannot win! The confidentiality policy that underpins the technical specification for the integrated care record was largely devised by patients (including those with particularly sensitive health problems) and then widely and publicly consulted on with all interested parties, who gave the proposals an 86% approval rating.
A press release issued after the meeting by the British Computer Society said, "The mood of the meeting was one of considerable enthusiasm for the overall plan and optimism that the vision it describes could, if appropriately developed, fundamentally improve patient care in the NHS." Somehow, that was left out of the article reporting on the meeting. I for one am at a loss to understand why Computer Weekly allows itself to print scare stories which may sell a few more copies but at the cost of frightening patients needlessly and some might say cruelly.
Clinical adviser to the Information Policy Unit, Department of Health
I find your reporting of parts of the health informatics conference organised by Assist and BCS deeply disturbing in at least two respects.
Firstly it was a gross breach of confidence to report the meeting at all. It was a private meeting at which attendees from all parts of the NHS, suppliers, academics, management consultants and the Department of Health could express their ideas and views on the National Programme for IT in the NHS knowing that they would not be made public. A summary report will be the only outcome of the meeting. The chairman of the meeting specifically stated in his introductory remarks that all were bound not to comment publicly on what was said.
To break confidences in this way is undermine the understanding which allows individuals from opposite sides of the fence to meet for frank and open discussions to the benefit of both and the services they represent.
Secondly the report was given the most sensational spin, with phrases such as "secret plans to put sensitive health dataÉ into a national 'data spine'," "patientsÉ unaware that health recordsÉ could be seen by authorised government agencies such as the police", "sensitive data, which could include references to sexual historiesÉ could be vulnerable to hacking attempts".
Spin is more about style than substance as is evidenced in your report.
For the record there are no secret plans to put sensitive data into a national data spine. The plans for a national Integrate Care Records Service were published in June 2002 and have been on the internet for over a year now. The specific arrangements for a "National Data Spine" were presented publicly at the Health Care 2003 meeting in March and several times since. The proposals were widely discussed within the information community of the NHS.
The police or anyone else will have no greater power to examine health records than they do now. The process needs a court order and is thus subject to judicial review.
It is common knowledge that any database of information from banks to the Ministry of Defence are subject from time to time to attempts at unauthorised access. Something an IT journalist should be aware of. It is part of the modern electronic world such as spamming and other unsolicited e-mails. The most stringent security measures will protect all electronic health records.
It is a great disappointment to have to complain of such an abuse of trust, which will make it more difficult for CW world (sic) to achieve the factually (sic) accuracy I am sure it strives for.
Family physician, chairman, Health Informatics Committee of the British Computer Society
The British Computer Society's Health Informatics Committee is extremely concerned at the cheap headline-grabbing nature of the reporting in Computer Weekly of the discussions that took place at our recent meeting. This meeting was a scientific contribution to the development of the National Programme for IT in the NHS and as such had a balanced and constructive series of workshops which were aimed to assist in the successful implementation of the programme. Your reporting and in particular your headlines only concentrated on one side of what took place.
My comments about the possibilities for problems around the confidentiality requirements of the new systems were designed to explore in a reasoned fashion, how clinical staff might work. The debate which took place following these comments produce a very different viewpoint than that reported. Thus my comments were taken out of context and have been used to raise unfounded anxieties amongst NHS staff and patients.
I raised the possibility that it would take staff time to cope with these confidentiality constraints and the discussion agreed that this was why the national programme had decreed they needed a phased implementation. The only proposal which thus arose was the need to evaluate these phases at each stage during the five-year implementation to ascertain whether they do cause problems and modify them in the light of experience. This phasing and evaluation are not mentioned, yet they are a fundamental point.
It was pointed out very strongly at the meeting that effective and rigorous confidentiality constraints are an essential requirement if we are to keep patient confidence. No one objected to the need to share patient data if we are to use IT systems to improve patient care. Patients themselves find it ridiculous in this modern age that their records are not available to those who care for them wherever they are within the NHS. The idea that "doctors would boycott such systems" was not raised at the meeting and is inaccurate.
I would also take issue with the comment that the proposals are "secret". Everyone at the meeting had had access to the report and I commented in my opening speech that arrangements are in place to make it public.
There is a basic inconsistency with two of your reports. On the front page you state that the confidentiality requirements are too strong and in a later report you say that there is danger in patient data being held in the National Spine without patient consent! It was quite clearly stated that patients will have to give their consent before any data can be used by anyone for any purpose.
It is extremely worrying if experts in the field cannot debate these very important issues without inaccurate and unbalanced reporting. All such reporting does is stifle the real debates we need if we are to ensure that we are successful in realising the huge benefits in care that IT can deliver. Widespread informed debate is needed; ill-informed scaremongering is not.