Categories
Fail NHS privacy security Summary Care Records Uncategorized

NHS Data Confidentiality #Fail

I have been on an interesting and lengthy journey through the NHS IT project and the data that is (or is not) held on me. In 2007 my wife and I lodged with the GP our objection to our medical data being uploaded from the GP practice to a central NHS database. Given the ability of National Government bodies to lose personal information I wanted to have as little as possible to be lost. This was all accepted and done, and then the Summary Care Records farce began. If you want to read more try these:
The big optout campaign
NHS Statement on opting out
Computer Weekly’s view on matters
And their report on Janet Street-Porter’s article

Frankly I think that it is more likely that either
a) an inaccurate SCR will cause my death or injury, or
b) my medical data will be leaked to someone who has no need to read it
than my being injured/killed as a result of no SCR being held.

Think about it – when you arrive in A&E you’re mostly conscious, or have conscious friends/family with you. If neither occur, then emergency life saving procedures rarely run the risk of killing you with the wrong thing, yet an inaccurate SCR (and there are reports of significant inaccuracies – I\’ve seen numbers like 1 in 10 bandied around) will be taken as Gospel and used.  I\’d much rather the well understood and exercised defensive A&E practices kept me alive.  That link also includes the observation that there is \”No evidence of safer care\”
Nor is it clear who is responsible for errors and ensuring that the records are corrected .

If you have a serious allergy (some of my family members are allergic to penicillin) then an SCR will not prevent A&E killing you with the wrong substance if you are outside the scope of the SCR (say Ireland, Scotland, Europe, Asia…. anywhere outside England & Wales in fact).
Besides, really, if you have a serious allergy or similar then wear a medical alert bracelet!

But back to the point – the website detailing what can and cannot happen with your records seems to have a contradiction at its core.
On the page detailing Access to medical records  it is stated that \”Access to a patient\’s demographic record does not require a legitimate relationship.\”
Yet, when you click on the link from the words \”Legitimate Relationship\” you go to (surprise suprise) Legitimate Relationships page  you get the statements
\”A legitimate relationship (LR) is an electronic record stored on the Spine. It details the care relationship between a patient and a healthcare professional (or group of healthcare professionals).
It is used to restrict access so only the healthcare professionals involved in the patient\’s care can access clinical information\”

So which is it?  Can anyone read my records, or only closely involved medical staff – I’ve asked, maybe you should too; and in the meantime maybe you should opt out of the SCR process too.

By P J Bryant

Ramblings of a freelance IT Consultant working for some nice SME's, large organisations, resellers and the usual friends and family! Bit of

One reply on “NHS Data Confidentiality #Fail”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s