Stephen Ginn: NHS Summary Care Record

12 Mar, 10 | by julietwalker

Stephen Ginn People living in London and four other strategic health authorities are currently receiving information in the post about the rollout of the NHS Summary Care Record (SCR) system. SCR is part of the NHS Care Records System, a large UK government IT project which aims for more effective sharing of patient records between NHS services. When the system is in full swing, NHS staff in Newcastle (say) will be able to access the medical records of someone requiring care whose residence and GP is in Penzance. The SCR will initially contain records of such things as medications and allergies, but may eventually become more detailed and also allow access to specialists’ letters and scans.

Controversy about this centralised system has been rumbling on for some time and before you read further I must declare my hand: I have opted out.

No record system is perfect. Whenever you meet with any NHS healthcare professional a record will be made of your interaction and, in these days of team working and shift work, this could be seen by a fairly large number of people. Equally if you are a patient on a ward, patient notes are most often not kept under lock and key and are therefore accessible to any nosey parker who happens to walk by. Patient records are currently kept locally, for example within a particular NHS trust, and are shared within NHS organisations on a ‘need to know’ basis. Most specialists who see a patient will write and inform their GP.

As with other large database projects – of which this country now has legion - the advantages of sharing information must be balanced with the possible pitfalls. The SCR’s benefits are most obvious for forgetful people who have a serious medical condition or allergy and are visiting friends out of town. This is a relatively small number of people and for the rest of us the benefits appear to be marginal. The rollout of the SCR raises serious questions around the issues of privacy, legality, effectiveness, and cost.

Privacy

In order for medical care to function effectively it is clearly absolutely essential that patients feel that their records are kept confidential. In line with this the leaflet Changes to your health records states that ‘anyone who has access to your records… must be directly involved in caring for you’. However this Connecting for Health document concedes that access will also be possible, without a patient being informed, ‘in the public interest’, ‘by statute’ or by court order.

The wide access necessary for the SCR to be effective massively increases potential for snooping. This is something of which Gordon Brown and Alex Salmond may already be aware. In order to police access to the SCR all NHS staff will be issued with a chip and pin card and retrieval of any record will leave an audit trail. But this does not address unauthorized access through logged in but unattended terminals, a common occurrence, or the accidental accessing of an incorrect patient’s record as a result of partial patient identifying details. Audit trail or not, it is hard to imagine that such a vast database can be effectively policed.

Central to the concept of privacy is deciding to whom your personal details should be displayed. Inclusion in the SCR is currently ‘opt-out’. Unless you make your wishes known, as I did, your patient records will become part of the SCR by default. This use of ‘presumed consent’ presupposes that individuals are aware of the SCR’s existence; yet in pilot areas many people were not (section 6.1.7). The recent mailings do not include an opt-out form, and opting out appears to be being made deliberately difficult. GPs are for instance unable to order opt-out forms in bulk.

The BMA has called on the Department of Health to suspend the SCR rollout as patients are not receiving the information they need to decide if they wish to be included on the SCR. London GPs have also been unenthusiastic.

Legality

The SCR is vulnerable to legal challenge. In a 2009 report by the Joseph Rowntree Reform Trust the SCR was awarded an ‘amber light’ indicating ‘the system demonstrates significant worrying failings and may fall foul of a legal challenge’. European law requires that systems which store sensitive personal information such as medical records either have the free and informed consent of the data subject, or be based on specific legal provisions that are sufficiently narrow to make their effect foreseeable. Such provisions must also be proportionate and necessary in a democratic society. The SCR would appear to fall short of these stipulations.

There are doubts about whether it will be possible for people to have themselves removed from the SCR. The DoH has been quoted as saying that it will be impossible, on the basis of medico-legal considerations and cost, to remove someone’s record once it has been entered.

Effectiveness

I am unaware of any evidence that the SCR will dramatically improve care. For some people, making relevant medical information available to emergency medical staff may be very beneficial and for a few possibly life saving. However for the vast majority of us it will be of little or no use. For a discussion of whom it may help click here.

In 2005 Amanda Campbell died from septicaemia despite having been assessed by eight doctors. During a Today programme interview Dr Eccles, medical director for Connecting for Health, mentioned her case as an example of where centralized records would have been of benefit. Whilst centralized records might have been useful this account suggests that her avoidable death was at least as much a result of the substandard medical care that she received, something outside the remit of a centralized records database. The SCR does not work abroad or even work across the whole of the UK, as Scotland has a different system. And relying on a single system means that errors can be propagated; I would not recommend that anyone leave their medical alert bracelet.

Cost

Originally expected to cost £2.3 billion over three years, in June 2006 the total cost of the NHS National Programme for IT was estimated by the National Audit Office to be £12.4bn over 10 years.

Links

SCR opt out form

The Big Opt Out – NHS confidentiality campaign

Database State – a super report (if you happen to think this sort of thing is interesting) about the failings of UK Government IT projects

Henry Porter on the SCR writing in the Guardian’s Liberty Central

Posted in Guest bloggers, Stephen Ginn.

Respond

Print page

Rights and permissions

By submitting your comment you agree to adhere to these terms and conditions

Jean Robinson

‘NHS staff in Newcastle (say) will be able to access the medical records of someone requiring care whose residence and GP is in Penzance’

Also, if you collapse at home, or in the street of your home town and are taken to your local A&E, they would know nothing about your medical history unless you had been admitted to the hospital before. But might possibly be in a better position to help you if they can log on and get your medications history and any pre-existing conditions. Especially if you are frail, elderly, confused or do not speak english very well. Currently, your local hospital has no more access to your GP records than a hospital in Penzance or Newcastle.

‘Most specialists who see a patient will write and inform their GP’.

They will indeed (or at least their junior doctors or medical secretaries will). In the PCT where I work, we receive several thousand discharge letters a quarter that have been misdirected to the wrong GP (large city, transient population). Most never make it to their destination. Clerks try to open them all and work out where they should go if the contents suggest the condition is serious. It would be so much simpler if the letter could be electronically transferred to the correct GP after checking the patients current details on the system. Wouldn’t it?
Paul Oliver-Smith

If it this true “The DoH has been quoted as saying that it will be impossible, on the basis of medico-legal considerations and cost, to remove someone’s record once it has been entered” how will the records of dead people ever be removed?
Michael Ney

The final question is “Do you trust any Government IT system?” HMRC lost the personal details including sensitive financial information, of 23 million of us. To this day they have absolutely not a clue as to who has these disks and what they are doing with the information. MoD have lost Secret disks, the NHS has lost any number of records. I wouldn’t trust any Government/EDS IT system with my cat’s medical records, much less mine. I shall carry a dog tag system with all my essential medical data in several languages as the Police and other emergency services use. If they don’t trust the Government, why should we?
Andrew

The link to the opt out form goes to an article about Penny Campbell. Can we have a link to the form ?
BMJ Group

Looking into this now.
Best wishes
Birte Twisselmann
BMJ Group

Link to the optout form has now been added.
Paddy Yorkshire

GP’s can order opt out forms in bulk in the PCT where I work, they’re just too stubborn to do so. This system isn’t going to prevent all deaths but surely an extra tool to help prevent some is a benefit?
http://BMJ Jane London

I work in mental healh. Our local hospital (medical ward) recently had a serious untoward incident where a woman died because she had a history of mental illness leading to her complaints of pain to be dismissed rather than investigated. Professionals make mistakes, and also write in prejudicial ways. Particularly when it comes to mental health. Say I receive a mental health diagnosis at one time, or even get one of those ‘hysterical wowman’ GP acronyms going because I don’t think my local service is investigating my changing mole quick enough (a six month wait), and then I need a hospital admission for a broken ankle, I don’t want to be dismissed as a nutter, which is very likely to happen. People, including health care professionals, continue to hold vast misconceptions and prejudices towards mental health. A mental health diagnosis on record WILL mean you are treaed differenly as a person, and may even have different treament decisions made about your care. I know quite a few people working in mental services who have currenly or in he past received mental health diagnoses (yes, even psychiatrists), they have all opted out. I will do the same, and advise those i care about to do so too.
DunxD

Somehow I am not surprised that on following the mail option for requesting the opt out forms one (ordered three) arrived one week after the deadline stated in the letter.

Incompetence doesn’t instil any kind of confidence, and fans the flames of conspiracy theory.

You can follow any responses to this entry through the RSS 2.0 feed.

BMJ.com

Helping doctors make better decisions. Visit site

BMJ Group blogs

BMJ