Supporters of Computer Weekly's NHS IT conference coverage

Delegates at the conference organised by British Computer Society's Health Informatics Committee and Assist, the Association for...

Delegates at the conference organised by British Computer Society's Health Informatics Committee and Assist, the Association for ICT Professionals in Health and Social Care, in Birmingham, expressed their support for the reports Computer Weekly published on the event.

Fleur Fisher

Former head of ethics, science and information at the British Medical Association and director, Healthcare-ethics Consultancy

Congratulations in performing a vital public service in opening the first informed debate in the public domain on the practicalities of the proposed Integrated Care Records Service in the columns of the Computer Weekly.

That even the outline of these proposals has been "commercial in confidence" until the Output Based Specification suddenly appeared on the Department of Health website (22 July) has been an intense disappointment. While the decision to spend £2.3bn on the IT infrastructure of the NHS will be welcomed by patients and clinicians alike, the principles of law, medical ethics and data security must be demonstrably fulfilled in practice.

This once in a lifetime opportunity must not be squandered by failure to engage in the necessary consultation and debate.

The proposal to set up a National Data Spine of Personal Health Information (in effect a national datawarehouse) signifies a radical departure by the Department of Health from all previous formal approaches to the personal health record.

That all personal health information, including access to all clinical services shall be collected and held centrally comprehensively demolishes the ethos of the professional doctor/patient relationship. That patients confide personal information to their clinician necessary to their diagnosis and their own ability to co-operate in the management of their condition is possible only on the understanding that the whole clinical record does not leave the clinician (most usually the GP).

Germane details only are shared in any referral process with patient consent.

Whilst unreservedly welcoming your coverage, I would like to correct an important inaccuracy in your editorial of 15 July. You state that "Of course, citizens will have the option of refusing to consent to their records being loaded up on the database". One source of alarm about the Integrated Care Record Service Output Based Specification is the clear statement:

"A patient will NOT be entitled to refuse that their personal data is made available to the spine. Data about all patient events may be routinely communicated to the spine without the consent of the patient. It is only the release of the personal data held within the spine for the purpose of clinical care that requires the patient's one-off agreement."

And "In phase 1 although patient data will be loaded over time without explicit consent being sought, it will not be available for use except by pseudonymisation or anonymisation services until the patient expressly signs up to joining information sharing through the spine".

Fundamentals of clinical ethics (confidentiality, informed consent and respect for patient autonomy), the law, and data security (with the proven vulnerability of large databases) seem all to have been disregarded in the rush to delivery.

It is reassuring to have Richard Granger at the helm of the delivery of the new NHS IT systems. But it is the duty of government to ensure the specification of any NHS IT system fulfils the requirements of healthcare in a democracy.

Dissenting view

Paul Steventon

GP and chairman of the Doctors Independent Network

Responding to your articles of 15 July, I believe it is necessary to put forward a dissenting view of the proposed Integrated Care Records Service for the NHS.

Potential exists in the ICRS as it is currently envisaged for the permanent destruction of the privacy of UK citizens. Irreparable damage to the profession and practice of medicine in Britain is an inevitable consequence.

The Radical Steps Conference held recently in Birmingham revealed widely felt concerns about the ICRS which you accurately reported.

Predictably, many of those present were directly or indirectly paid or funded by the government, and thus were unable to freely express dissent. Unofficially, levels of alarm and pessimism among this silent majority have continued to grow, stifled only by a well-founded fear of reprisals.

There has been some attempt to rewrite the history of the ICRS bidding specification since it became de facto a public document. My memory of events is as follows:

Richard Granger was surprised during his talk at the recent PHCSG meeting at Heythrop Park to find that his until-then highly (commercially) secret bidding documents had been extensively leaked to key clinical IT specialists. He announced at Heythrop that he would lift the secrecy on subsequent drafts of the document in recognition of its wide unofficial distribution. There was clearly no intention of encouraging open debate.

NHS officials have attempted to suggest that transfer of sensitive patient information to a national database without patient consent is unimportant because first, security of confidential information will be better than it currently is, and second that patient data will not be identifiable on the national database unless the patient consents to the decryption of his or her identifiers.

Careful inspection of the documentation reveals that:

l Impressive security is indeed to be applied to all the "front-end" NHS users of the system, to the point of significantly inconveniencing clinicians trying to access medical records legitimately. From the "front" the ICRS will appear secure. Unfortunately, from the government's side, it will be open to abuse.

l The complete records and encrypted identities of all NHS patients will be uploaded into the ICRS spine without consent. The private keys meant to secure the encrypted patient identities are also held by government. These keys will be used to reverse the de-identification of patients without their knowledge or consent in "special circumstances". The definition of these special circumstances remains unclear.

l The location and tracking of individuals of interest to police and security services, such as asylum seekers, illegal immigrants, terrorists, drug smugglers and paedophiles will certainly be possible using the ICRS. The list of "interesting people" in Britain is arbitrary, set by government, and liable to change without either notice or parliamentary debate.

Leading clinical IT specialists at Radical Steps also voiced concerns about the practicality of clinicians implementing the ICRS security rules during the consultation. I too am concerned.

The level and type of security needed to control a nationwide clinical database poses practical problems for the clinician. The complex protocols prescribed will force doctors and nurses to spend an unknown amount of time in every 10-minute consultation dealing with security. Before that they will of course need hours of training simply to understand the procedures!

I confidently predict that many non-computer literate NHS employees will never accurately grasp the detail of the proposed security protocols. The effect on the NHS will be a significant degradation of efficiency in an already tottering system.

Doctors and nurses are already very short of time to care for their patients. Offered the choice between spending precious minutes giving essential patient care or fulfilling complex security protocols on a government-owned computer for dubious reasons, it is likely that the majority will choose to look after the patient.

If the government forces the issue by withholding pay from those who do not comply, the efficiency of GPs in the NHS will at once reduce by about 30%, as it did recently in Canada under similar circumstances.

Confidentiality is a medical term. It describes the solemn undertaking given by a doctor to keep secret all private matters confided by the patient. This responsibility is only waived under a magistrate's warrant, or if the clinician holding the secret judges that a third party may be put at serious risk by non-disclosure.

Confidentiality is not mentioned in the ICRS, for the very good reason that the government's proposals drive a bulldozer through it. This puts at risk the independence and integrity of British medicine.

A doctor who cannot keep his patients secrets safe can no longer be a trusted professional, but instead becomes as Roget's Thesaurus puts it: "A person who secretly observes others to obtain information: agent, operative". A spy.

Read more on IT for government and public sector