People living in London and four other strategic health authorities are currently receiving information in the post about the rollout of the NHS Summary Care Record (SCR) system. SCR is part of the NHS Care Records System, a large UK government IT project which aims for more effective sharing of patient records between NHS services. When the system is in full swing, NHS staff in Newcastle (say) will be able to access the medical records of someone requiring care whose residence and GP is in Penzance. The SCR will initially contain records of such things as medications and allergies, but may eventually become more detailed and also allow access to specialists’ letters and scans.
Controversy about this centralised system has been rumbling on for some time and before you read further I must declare my hand: I have opted out.
No record system is perfect. Whenever you meet with any NHS healthcare professional a record will be made of your interaction and, in these days of team working and shift work, this could be seen by a fairly large number of people. Equally if you are a patient on a ward, patient notes are most often not kept under lock and key and are therefore accessible to any nosey parker who happens to walk by. Patient records are currently kept locally, for example within a particular NHS trust, and are shared within NHS organisations on a ‘need to know’ basis. Most specialists who see a patient will write and inform their GP.
As with other large database projects – of which this country now has legion – the advantages of sharing information must be balanced with the possible pitfalls. The SCR’s benefits are most obvious for forgetful people who have a serious medical condition or allergy and are visiting friends out of town. This is a relatively small number of people and for the rest of us the benefits appear to be marginal. The rollout of the SCR raises serious questions around the issues of privacy, legality, effectiveness, and cost.
In order for medical care to function effectively it is clearly absolutely essential that patients feel that their records are kept confidential. In line with this the leaflet Changes to your health records states that ‘anyone who has access to your records… must be directly involved in caring for you’. However this Connecting for Health document concedes that access will also be possible, without a patient being informed, ‘in the public interest’, ‘by statute’ or by court order.
The wide access necessary for the SCR to be effective massively increases potential for snooping. This is something of which Gordon Brown and Alex Salmond may already be aware. In order to police access to the SCR all NHS staff will be issued with a chip and pin card and retrieval of any record will leave an audit trail. But this does not address unauthorized access through logged in but unattended terminals, a common occurrence, or the accidental accessing of an incorrect patient’s record as a result of partial patient identifying details. Audit trail or not, it is hard to imagine that such a vast database can be effectively policed.
Central to the concept of privacy is deciding to whom your personal details should be displayed. Inclusion in the SCR is currently ‘opt-out’. Unless you make your wishes known, as I did, your patient records will become part of the SCR by default. This use of ‘presumed consent’ presupposes that individuals are aware of the SCR’s existence; yet in pilot areas many people were not (section 6.1.7). The recent mailings do not include an opt-out form, and opting out appears to be being made deliberately difficult. GPs are for instance unable to order opt-out forms in bulk.
The BMA has called on the department of health to suspend the SCR rollout as patients are not receiving the information they need to decide if they wish to be included on the SCR. London GPs have also been unenthusiastic.
The SCR is vulnerable to legal challenge. In a 2009 report by the Joseph Rowntree Reform Trust the SCR was awarded an ‘amber light’ indicating ‘the system demonstrates significant worrying failings and may fall foul of a legal challenge’. European law requires that systems which store sensitive personal information such as medical records either have the free and informed consent of the data subject, or be based on specific legal provisions that are sufficiently narrow to make their effect foreseeable. Such provisions must also be proportionate and necessary in a democratic society. The SCR would appear to fall short of these stipulations.
There are doubts about whether it will be possible for people to have themselves removed from the SCR. The DoH has been quoted as saying that it will be impossible, on the basis of medico-legal considerations and cost, to remove someone’s record once it has been entered.
I am unaware of any evidence that the SCR will dramatically improve care. For some people, making relevant medical information available to emergency medical staff may be very beneficial and for a few possibly life saving. However for the vast majority of us it will be of little or no use. For a discussion of whom it may help click here.
In 2005 Amanda Campbell, died from septicaemia despite having been assessed by eight doctors. During a Today programme interview Dr Eccles, medical director for Connecting for Health, mentioned her case as an example of where centralized records would have been of benefit. Whilst centralized records might have been useful this account suggests that her avoidable death was at least as much a result of the substandard medical care that she received, something outside the remit of a centralized records database. The SCR does not work abroad or even work across the whole of the UK, as Scotland has a different system. And relying on a single system means that errors can be propagated; I would not recommend that anyone leave their medical alert bracelet at home.
Originally expected to cost £2.3 billion over three years, in June 2006 the total cost of the NHS National Programme for IT was estimated by the National Audit Office to be £12.4bn over 10 years.
The Big Opt Out – NHS confidentiality campaign
Database State – a super report (if you happen to think this sort of thing is interesting) about the failings of UK Government IT projects
Henry Porter on the SCR writing in the Guardian’s Liberty Central
Addedum 26 April 2010
Over 1000 people have read this post since I published it. If it changed your mind, or even if it didn’t, I’d really like to know your story. Please leave a comment below.