Anger as NHS shares confidential health records with councils

An NHS patient has complained to the information commissioner after the health service placed her "private and confidential" health records on a database which could be accessed by staff at the local council.

An NHS patient has complained to the information commissioner after the health service placed her "private and confidential" health records on a database which could be accessed by staff at the local council.

Elizbeth Dove said she learned that the NHS had shared her medical details with the council without her knowledge after she contacted her GP about suspected depression.

The case highlights the widespread, but little known, practice of data sharing between the NHS and local councils through the local council social care systems.

Doctors have told Computer Weekly that GPs routinely refer patients to their local primary care trust, which shares medical information with local councils through joint computer systems. The data sharing is done in the name of "offering best care".

But Dove's predicament shows how government attempts to share personal information more widely in the public interest can upset the individual rather than help.

Dove contacted Computer Weekly to say that the transfer of her medical information to council social care system Swift has caused her considerable distress.

"I think there are some very important principles here that affect us all and a person's right to privacy and confidentiality. It is scary. Nobody has bothered to inform the general public to see what they think, or to seek their permission in the release and sharing of their personal medical information. This is wrong."

Dove says the Isle of Wight Primary Care Trust has betrayed the trust she placed in the NHS to keep her medical information secret. She was not asked if she wanted her medical records shared with the council.

The Isle of Wight Primary Care Trust told Computer Weekly that it has now produced a leaflet for patients on the sharing of their information. The leaflet was published only after Dove submitted a request to the council under the Data Protection Act, discovered that it possessed her medical details and, as a result, expressed her concern to officials.

Meanwhile, the Swift system, and others like it, remain in the shadows: few among the population realise that if they approach their GP about a mental health matter such as depression their medical history may be accessible on a council database.

Dove says the joint system gives some of the council's staff the potential to "snoop, scrutinise, monitor and track patients". She added, "It has discriminatory undertones [if] a local authority and the NHS perceive anyone and everyone with a mental health problem to be either a schizophrenic or a paedophile. This regrettably stigmatizes people with any mental health issue."

GP Paul Thornton, who has studied the legal and ethical issues around the sharing of medical information, said,

"She [Elizabeth Dove] has experienced in microcosm the issues which are unresolved in respect of the Connecting for Health [National Programme for IT] database.

A spokeswoman for the Isle of Wight NHS Primary Care Trust told Computer Weekly, "In line with national best practice and guidance, the NHS and local authority on the Isle of Wight formally integrated mental health services in 2001.

"A joint electronic information system enables a co-ordinated approach, the development of care packages to meet all the needs of an individual, and provides key information to support the provision of crisis, out of hours and emergency services. Security is maintained to a high standard and strict measures are in place to monitor access. Leaflets which explain the information sharing policy are available to service users."

* NB Elizabeth Dove is a pseudonym used in e-mails to Computer Weekly. She does not want her real name disclosed.

Read more on this story, including further comments from the parties involved, in Tony Collins' blog entry: Patient dismay as medical data shared with council >>

See also:

Sharing NHS data - Connecting for Health website >>

Is sharing of NHS SUS data legal? - IT Projects blog, 2007 >>

NPfIT database could save your life - IT Projects blog, 2008 >>

NHS IT condemned - by NHS trust - Taxpayers' Alliance >>

Sir Bobby Robson's e-health records viewed illicitly by NHS staff - IT Projects blog, 2007 >>

NHS NPfIT begins to fall apart - NHS Watch >>

Lives ruined as NHS leaks patient notes - The Guardian, 2000 >>

Read more on IT risk management