
NHS electronic medical records "data spine" privacy and security worries

We have to remind ourselves and our readers that the Home Office is not the sole source of all privacy and security "evil" in the Government - the Department of Health is busy making its own multi-billion pound NPfIT (National Programme for IT in the NHS) contribution, with the controversial National Health Service "data spine", for centralising all NHS medical records ("care records") in the UK, giving hundreds of thousands of authorised healthcare workers access to them at any time.

The system uses the sneaky "implied consent" model so beloved of centralised bureaucracies, rather than the explicit, informed, individual consent which the principles of data protection, and the Data Protection Act, require.

via Informaticopia:

Possible legal challenge over privacy of electronic health records

Dr Paul Thornton has written a paper entitled "Why might National NHS Database proposals be unlawful?"(.pdf) in which he makes a strong case that "carry grave & imminent risks for both civil liberties and public health", and that "the legal justifications used to substantiate their proposals are untested in the courts and require independent judicial clarification".

He argues very convincingly that the NHS Care Records Guarantee(.pdf) doesn't provide sufficient safeguards. The acceptance of implied consent to the placing of patient records in a national database, rather than requiring individual and explicit patient opt-in to the sharing of their information is seen as contravening both the Data Protection Act and Human Rights legislation.

The plans outlined by NHS Connecting for Health for a "sealed envelope" to hold sensitive information which the patient feels needs to be restricted, are now beginning to look less secure. The fact that the sealed envelope will not be available for the very first release of the NHS Care Record Service and upload of data to the national database, as previously reported on this blog, is complicating matters!

We also have privacy and security worries about the audit trails of who accesses someone's medical record and from which specialised clinic or medical role.

We have similar worries over the new patient appointment booking system audit trails.

Who exactly has access to these audit trails, which are not, technically, covered by the supposed confidentiality promises regarding medical records ?

Are they to be routinely handed over to the Police and Immigration authorities ?

We worry that these audit trails will give an indirect impression of people's health or medical details, and will be of use to stalkers, kidnappers, burglars (if you are booked in to hospital or have a medical appointment your home will probably be unguarded), paparazzi and a myriad of other snoopers, in a similar way that the National Identity Register audit trail would.

The paper by Dr Paul Thornton is well worth a read, as is one of its references:

"Sealed Envelopes" Briefing Paper Draft. NHS Connecting for Health Document record ID Key NPFIT-FNT-TO-PRJMGT-0035.10, Version 1.0 18/11/05

This explains the complicated process of "sealed envelopes", and how they can be "unsealed" without a patient's consent or even sealed by a clinician to hide medical information from the patient, but not from other healthcare workers.

It also mangles the English language with the concept of "patient dissent" to mean the people who have taken the trouble to opt out of the system, who, to a snooper, will be flagged as having something juicy to hide.

Remember that the Common Law Duty of Confidentiality for professionals in a position of trust, with respect to the medical records of Children, has been destroyed by the passage of the Children Act 2004 Section 12 Information databases, which states:

(11) Regulations under subsection (5) may also provide that anything which may be done under regulations under subsection (6)(c) to (e) or (9) may be done notwithstanding any rule of common law which prohibits or restricts the disclosure of information.


I think that there are two viewpoints to be considered when strongly advocating the use of EMR in practices. For a Doctor it needs to be easy to use and save time so that more time can be spent on the patient. Currently we have many vendors with different types of EMR that are so hard to use that it simply puts them off. I think healthcare technology companies need to develop products after regular interaction with doctors to ensure that they provide just what is required. At binaryspectrum we have developed our healthcare solutions after spending countless hours with doctors to ensure that the workflow is kept simple and intuitive. This is then followed up with a period of Beta testing in a real-time environment before it is offered as a product in the market.
