Doctors express alarm at plans to store patient data without consent

Tony Collins reports from a stormy health informatics conference in Birmingham run by the BCS and Assist.

Tony Collins reports from a stormy health informatics conference in Birmingham run by the BCS and Assist.

The Department of Health has produced secret plans to put sensitive health data about up to 50 million people into a national "data spine" system, whether or not patients give their consent.

Doctors and IT specialists at the health IT conference run by the British Computer Society Health Informatics Committee and Assist, the Association for ICT Professionals in Health and Social Care, expressed concerns about the plans, which would allow sensitive personal information to be shared electronically among authorised individuals.

They said patients might be unaware that health records on a national system could be seen by authorised government agencies such as the police, or may be at risk of being revealed illicitly to private detectives.

The concerns were raised as health service officials admitted that sensitive data, which could include references to sexual histories, genetic dispositions to certain diseases, or psychiatric care, could be vulnerable to hacking attempts (see story below).

Fleur Fisher of the BCS Primary Health Care Specialist Group, a former head of ethics, science and information at the British Medical Association, was among those who expressed concern because there had been no public debate about the plans.

"This is an enormous leap in the sharing of information which has not the consent of the electorate," she said. There would be vast amounts of identifiable data on the spine, she added.

The proposals, which are contained in a series of individually password-protected "output based specification" documents issued by the Department of Health, also recognise that errors are "likely" to occur when records are matched from different source organisations.

There is at present no national system for health records. GPs keep records on local systems but hospital doctors say that paper-based files frequently go missing. One purpose of the national data spine would be to ensure that a wide range of clinicians always has access to the records of patients they are treating.

The data spine is part of plans for electronic patient records, termed Integrated Care Records Service. The first contracts for companies to run ICRS systems are due to be awarded in October.

At the Birmingham conference doctors and computer specialists welcomed the plans for ICRS. But some expressed concern about aspects of the ICRS programme.

If patients refuse consent for their information to be recorded on the spine, their GPs may warn them that their refusal could harm their care. Even if patients refuse consent, their data will still go into the national spine but in a "pseudonimised" version.

The Department of Health has told prospective suppliers to ensure that in special cases it is possible "to reverse the pseudonymisation process". Department documents said patients will not be able to stop their personal data being made available to the spine.

From Post-it notes to digital records       

What health professionals said about plans for electronic patient records: 

"In our hospital clinicians carry rolls of sticky labels in their pockets on which they write down the pathology results [from screens] which they put into notes. An awful lot of people on the national IT programme do not understand this." 

"When we think of an electronic record we think of something that is systematic, structured and coded. What records we have at the moment are a haphazard, unsigned. undated series of 'Post-it' notes. How do you get from one to the other and where in the programme is that extra work accounted for?" 

"The biggest frustration for me in my working life is that 30% of the patients I see in outpatients do not have records. There is a similar percentage of results I just do not have although I know they are there. This drives me nuts."

Read more on Privacy and data protection