GPs and their families urged to boycott NHS 'spine'

Tags: A Audit CfH Confidentiality Data GP GPC GPs iS NHS Spine NPfIT PDS Security Spine

20 Jun 2006

GP representatives are advising GPs and their families to consider withdrawing themselves from the NHS spine “as an example to the nation” because of concerns about the confidentiality of demographic data.

Last week’s local medical committees’ conference voted in favour of a proposal to advise GPs to consider withdrawing from the spine after hearing about access to the personal demographics service (PDS) which holds demographic data on every patient in England.

Dr Preston de Mendonca, a GP in Plymouth, Devon, told representatives that he was very concerned about the security of the “single biggest public database in this country.”

He told the conference that the PDS could be accessed with an NHS smartcard and claimed there are about 250,000 NHS smartcards in circulation including about 50,000 in general practice.

He added: “Any lock that can be opened by 50,000 keys is not secure.”

Dr de Mendonca claimed it was possible for anyone with a smartcard to access the PDS and use it to find the address of any other person on the spine in England.

He told the conference: “It doesn’t matter whether there’s an audit trail, there are going to be millions of footprints in the system. We are the guardians of our patients’ confidentiality and if we don’t have a view about this then who will.”

A total of 54% of representatives voted in favour of the proposal with 46% against despite a speech in defence of the PDS from Dr Gillian Braunold, national GP clinical lead for Connecting for Health and a GP in London.

She told the conference that the spine was subject to eGIF level 3 security, that an audit trail would detect unauthorised access and that ‘stop-noting’ would mean those with legitimate reasons to withhold their data from the spine, such as abused partners, would be able to do so.

She added: “There are many, many safeguards and the clinical leads are continuing to work with CfH to bring the concerns of the profession into CfH. If you vote for this the views of GPs are the views of conservatism and you will be disabling benefits to patient care.”

Dr Paul Cundy, chair of the IT sub-committee of the British Medical Association’s General Practitioner Committee (GPC), had told the conference that the sentiment was consistent with GPC policy which was that individual patients should make their own decisions about the PDS but he questioned whether it was appropriate for the conference to advise individual doctors what to do.

The conference also backed a motion calling for an opt-in consent model for the NHS Care Records Service, reaffirming GPC’s policy which is contrary to the opt-out model proposed by Connecting for Health. The same motion, which was passed by representatives, called for progress on the National Programme for IT (NPfIT) to be halted until “all matters of confidentiality are assured.”

Dr Richard Dales, from Herefordshire LMC, failed to convince representatives that they should vote for the whole programme to be abandoned.

He described NPfIT as a “juggernaut out of control” and added: “Now is the time to spend this huge sum of money elsewhere.”

Readers Comments

How secure is most GP surgeries

20 Jun 06 11:59

I preferred to have my details computerised then to have it in a Llyod george note

passwords

20 Jun 06 12:31

I've lost count of the number of times I've seen staff passwords written on post-it notes and stuck onto screens in GP surgeries.Maybe GP's should tighten their own ships first. Hmmm

"We are the guardians of our patients’ confidentiality"

20 Jun 06 15:16

Not alone you are not! All NHS staff are duty bound to obey the NHS code of Confidentiality - it is a contractual obligation. All NHS staff have a duty to protect the confidentiality of patient information - it is not limited to GPs and their staff -it is a universal requirement of ALL NHS employees.

Furthermore, “Any lock that can be opened by 50,000 keys is not secure” - compared to what exactly? A paper record that can be picked up by anyone in an NHS site be it a desk in a GP surgery or a trolley at an acute site? These 50,000 "keys" are audited. The users of these keys (smartcards) leave an audit trial which you could never have with a paper record. Exactly how is this less secure than paper records? As for accessing demographic details of people from the spine, there are many ways in which I could obtain demographic, banking and more personal details with a computer and a credit card than is possible than by someone misusing their access to the spine - which, incidentally, would be a disciplinary offence and dealt with through the relevant channels surely?

“It doesn’t matter whether there’s an audit trail, there are going to be millions of footprints in the system. We are the guardians of our patients’ confidentiality and if we don’t have a view about this then who will.” Why does this audit trail, which is an improvement on auditless access to paper records, not matter?

The simple truth is that the patient information held does not belong to a GP or a consultant or a nurse or any other clinician - it belongs to the patient and the patient belongs to the NHS - not a hospital or GP site or service - the NHS - a single organisation (in the eyes of the patients) and access to this information for clinicians to help them make the best informed clinical decisions they can for the patient is what should be the driving force behind all decisions related to patient information - what is best for the patient?

As the other posters to this thread have already mentioned shortcomings in security of patient records and access to systems I am not going to repeat them merely add that the opt-in consent policy of the GPC is unworkable and that for the NHS to try to implement such a model would cost untold millions in chasing patients who do not respond either way (opt in or opt out)!

Laugh or Cry

20 Jun 06 15:58

I dont know whether to laugh or cry at the misinformation spread by the GP's and CFH's inability to counter these comments. Some one need to tell these GP's PDS is essentially a repalcement of existing NSTS. PDS will be probed only when patient makes a contact with a healthcare setting. Smart cards restricts what you can access depening on your profile. And also the demographics of all the citizens of this country are available through voters list which ar emade avialble to political parties.

These guys will got any length to make this project fail and prove a point.

Weeping all round

20 Jun 06 18:53

The spine is the one part of this awful mess that makes sense. To have a universal summary available to all practitioners with the bare essential details is the most useful bit of the programme. Ripping out all Hospital Systems in favour of more expensive, less functional ones is not.

As a patient, I do not believe the GPs speak for me. They are private practitioners with vested interests in fragmented data.

It is true that NSTS, and Exeter before it shared data nationally, but these were used for administrative and financial purposes, the number of people accessing were far fewer (no audit trails mind).

Opting in rather than out is also a bad decision. The Hampshire EHR has gone the other way, and I beleive that an opt-in will create too many lost records through apathy. You don't opt whether to have your bank details stored on their computer, you just expect them to keep a very close and accurate eye on your money. So it should be with health.

There are so many areas that the Audit Commission could have redirected and refocussed, but they have failed us. Perhaps if the GPs were a bit more patient focussed in their criticisms, they could effect useful change.

But not through a boycott.

Yay

21 Jun 06 01:42

I have been reading and commenting on these forums for a long time now and all I hear are the LMC and GPs banging on about patient confidentiality. 50,000 smartcards are in circulation, this is true. Everyone who has a smartcard requires their managers' approval. I am an IT Trainer that trains on the Choose and Book system and also on iPM. I don't have a smart card because I don't have any right to see a patient's information.

Besides which, the way the system works means that you need at least some of the patient's information FIRST before you can search on the spine. Its not like an Access database query. Dear God. Stop spreading paranoia. Its the most frustrating thing that something that could actually benefit the NHS is being held up by GPs and the LMCs because they don't fancy it.

I have signed my confidentiality agreement. If, in 20 year's time, whether I am working for the NHS or not, I were to disclose any of the patient information I have seen I would be liable for prosecution, the same is true of all NHS staff. What makes GPs the guardians of patient info? All NHS staff members are.

Security measures are more stringent than any system we have in place at the moment.

Telephone referrals left on answering machines? Wow. that's good and confidential. Glad we have THAT system!!

Not a new phenomonen

21 Jun 06 08:45

"And why beholdest thou the mote that is in thy brother's eye, but considerest not the beam that is in thine own eye?" Matthew 7 I believe this sort of hypocrisy has been recognised for 2 millenia.

What safeguards do we GPs have to stop patients demographic details being inappropriately accessed on our clinical systems let alone clinical data? None basically. I effectively have no way of ensuring that alerts are generated if staff are doing this.

I despair of my colleagues whining and mithering. This is a lot of pompous prattle dressed up as pious concern for patients welfare.

All this sort of data can be found easily on the internet from serch engines linked to elctoral registers anyway and with a lot less safeguards!

Laugh or Cry?

21 Jun 06 09:01

Do they get incentive payments for obstructing progress?

Three points

21 Jun 06 09:17

Firstly, a personal view as someone who is not an NHS employee but has been a patient many times. I wholeheartedly endorse the view that GPs are right to assume the mantle of guardians of my confidentiality. There are good and bad people in both camps, but generally I trust doctors. I do not trust the rest of the NHS infrastructure.

Secondly the Lloyd George record has brilliant security. It is a leaf hidden in a forest. The thing about computerised records is that they open up whole new business models for the fraudster.

Thirdly (and I am looking for clarification here), my understanding is that NSTS has only about 40,000 users with access restricted to those with a need to get to NSTS data specifically: access is not bundled with access to other functionality.

What is there to opt out of?

21 Jun 06 09:26

Any organisation with multiple branches and a National customer base must maintain a central searchable demographics database. Have these GPs voted, opened a bank account or registered a car anytime in the last 50 years? Have they tried opting out of Income Tax or National Insurance databases using the same argument?

If you are going to take a pop at least get your facts right! The 'opt out' is promised at the level of the NCRS 'clinical' record not Personal Demographics Service.

If you have an NHS number, your demographics, or an approximation thereof, WILL be registered on Exeter/NHAIS, PDS etc e.g. links from http://www.worcestershirehealth.nhs.uk/npfit/NHAIS/default.asp :possibly several times over ;-)

I believe there can be no opt out from this other than eschewing NHS care completely.

GPs using security concerns as a stalking horse against NHS CfH may find it backfires. This kind of unthinking, ill-informed opposition undermines those who ask legitimate questions about the Program.

Fleece or Fleeced

21 Jun 06 10:02

Presumably a cry for "Stuff their mouths with Gold" will be cried. Could think of some other agents.

Lloyd George's

21 Jun 06 10:10

Lloyd Georges DO NOT have "brilliant security".

Opting out??

averil.stewart@systemc.com

21 Jun 06 10:33

Can someone tell me how I opt out?? My ex-partner is within the medical profession and I don't see why I should have my details so freely available to him or anyone. Insurance companies or other bdies I employ have to ask for my permission and signature to gain access to my records so why should the programme be given that right "gratis" without my consent or even consultation? It would help if people were informed how to make "their rightful Patient Choice" in this instance, actually heard !!

security

21 Jun 06 10:50

“Any lock that can be opened by 50,000 keys is not secure.” Would reducing the number of key holders make the system more secure or just unworkable? If those who need access to the information cannot get it then the system is boutnd to fail as staff in surgeries find workarounds and shortcuts which will impact on data accuracy and security.

Not their data

21 Jun 06 11:03

I am so tired of GPs complaining and claiming it is on my behalf. It is MY data, not theirs and I would rather it was in a secure system than on ropey old Lloyd George notes where any nosey receptionist can read it. Judging from the majority of comments here, most people feel the same, so why are the BMA getting so much airtime and credence for this ongoing whinge-fest?

Lloyd George

21 Jun 06 11:05

Maybe I didn't make myself clear. My point was that fragmented paper records (or even fragmented electronic records) are inherently less of a security problem because there are fewer lucrative models for potential misuse.

Yes there are lots of opportunities to pick up a paper record in hospital or surgery (which is not right) but when did you last hear of the theft of paper records precipitating large scale identity theft as has happened recently in other environments?

OK, "brilliant" is hyberbole, but compared with a widely accessible national database, only just.

Hot Air

21 Jun 06 11:24

Whilst distracted by the debate the world carries on, information is locked in isolated systems when it could help with patient care. Great care needs to be taken before the debate moves to discuss if the current structure of Primary care supports the needs of a 21st century NHS. Should private business be allowed to hold the NHS reforms to ransom? Opt out would seem the most pragmatic and if GPs are correct and patients are worried then most will opt out. Rather than assuming what their patients think or want, perhaps GPs should ask them?

Why

21 Jun 06 11:25

Is this debate happening 2+ years down the line. Unbelievable.

Not secure?

21 Jun 06 11:37

There seems to be a widespread belief that the spine is less secure than banks, credit card companies, voting registers, existing computerised GP medical records (which is almost all of them) or any of the other large databases, but where is the evidence?

We should also consider the micro as well as the macro. I have heard of a patient being blackmailed following someone picking up a Lloyd George... I believe this is less likely in an auditable system.

As for opting out your GP can help with this

LLoyd George - brilliant?

21 Jun 06 11:43

Yes, so brilliant that they can only be accessed by my GP (assuming he's available, which is not often) or others in his surgery - they can't be read if I'm taken to hospital or need medical care elsewhere in the country. Oh, and if I move GPs they take 6 months (in my experience) to be transferred to the new surgery. I agree with the previous comment - the spine is one of the really good things about NPfIT and it's not helpful for GPs to use it as a target. There seems to be some idea that the electronic records will be accessible to anyone in the NHS - this is not the case - only by those with a direct clinical relationship with the patient - so it's not as though junior doctors up and down the country will be able to get in and have a look. In addition to this the audit trail will provide evidence of exactly who has viewed it. The NHS IA conducted a wide-ranging consultation some time ago about electronic medical records and the general public were very happy for their information to be held this way - based on this evidence GPs are not speaking on behalf of their patients at all.

Locks, Keys and Security

21 Jun 06 12:07

There are millions of door keys in the country, but a single key doesn't get you into everybody's home. How many GPs are perfectly happy to leave their home or car unattended with a lock on the door and a corresponding key in their pocket?

A smart card is exactly that - smart: it opens only the doors to data that the card owner is allowed to enter. Only clinicians with an established, authorised, legitimate relationship with a patient will be able to access that patient's details: for example, GPs will be able to access the details of patients who are registered with their practice, but not those of patients registered with other practices.

The Caldicott Guardians are the ultimate guardians of patient confidentiality, and have been appointed specifically for that purpose. Who gave GPs permission to depose them and assume that role for themselves (Dr de Medonca - "we are the guardians of our patients' confidentiality and if we don’t have a view about this then who will")?

To supplement door locks and keys, many homes and vehicles are fitted with additional security features and alarms, and the same is true of computer systems. Confidentiality and data security are taken very seriously indeed, and great care is being taken to ensure that all appropriate safeguards are being designed and built into the spine. The data in these systems will undoubtedly be some of the best protected anywhere.

Lloyd George

jlgh_consult@dsl.pipex.com

21 Jun 06 12:36

My point (and I believe the GPs' point - they voted against abandoning the programme altogether) was not that the Spine or PDS was wrong in itself, nor that is better than generally. I too agree that the Spine is a good thing.

A national database that is potentially accessible by a significant percentage of the working population does however raises security issues way beyond those raised by local systems, paper or electronic. That doesn't mean that we shouldn't do it.

It really does not help to stigmatise GPs as self-serving and stupid obscurantists. A few may be but most are not. The point they make is a good one.

some accurate information....

pdc124@yahoo.co.uk

21 Jun 06 14:22

http://www.cl.cam.ac.uk/~rja14/#Med will throw some informed light on this

Locks, Keys and Security....

21 Jun 06 15:02

With reference to the above titled comment - how many of those GPs would be content to leave their home or car knowing that the bulider/supplier has promised that at some indefinite point in the future the keys will be restricted to just the legitimate users, but for the meantime the other 100,000+ key holders will have access? My experience of one of the national applications is that the so-called legitimate relationships control of access is just so much hot air and future promises at present, with no believable delivery date for implementation. Also, access to the audit information regarding access is a joke, and so far out of date as to be essentially useless. Why was not the establishment of a valid security model for the spine and access control a prerequisite for the deployment of any of the LSP/NASP systems? I think that the poster of this comment sums up the cart before horse nature of the whole programme in his last paragraph - "great care is being taken to ensure that all appropriate safeguards are being designed and built into the spine" - why was this not part of the original design and implementation? Why is it only now, after the spine is in use, that this matter is being addressed?

To follow the locks analogy - how many of those GPs would buy a house or car that they had to retro-fit locks to?

Re. Accurate Information

21 Jun 06 15:50

You might want to put on your tin-foil hat before you read that article.

Nothing like EPR to bring out the conspiracy theorists and "we're all going to die" merchants.

It's easy to take a pop at the small minority of luddite clinicians. It's just a pity that lately, it's they who seem to shout louder than the majority who are putting their shoulders to the wheel to make this work.

Why Worry???....

21 Jun 06 15:54

Whether access to patient data is secure in the hands of those who view or not could well be irrelevant. Lets be realistic.. despite the wonderful reviews, stats, progress reports etc.. someone loses access to the spine weekly somewhere in the country, (check the communiques!!!) lorenzo is up and down, smartcards I am told are to be replaced yet again at cost to the tax payer I suspect (over budget yet again), smartcards currently used regularly and intermittently stop working, C&B is failing to work promptly if at all, the data quality on the spine is already proving to be poor with data being overwritten, removed etc.. N3 connections are failing and not up to required spec, and the gov want to create a new task force and throw yet more resource and money after this because it clearly is failing to deliver. What happened to get it right first time? or even the second... Ive lost count on this one.

C4H have already stated you cannot access patient details across the clusters.. so much for an EPR! Why worry.. someone needs to get it working, delivered, tested and rolled out once and for all and stop moving the goal posts!

Why is this happening 2years +

21 Jun 06 16:08

That is a very good question. Probably because no one was willing to make a clear ruling, talk is easier than actions and doesnt necessarily come with litigation. Opt in... opt out ..time to choose one and get on with it. we really do have bigger problems looming.

an easy test

21 Jun 06 16:27

Tony Blair and Granger canannounce that their personal and families' meidcal records are stored electronically. A good test of both their secuity model and the implementaiton of it

Lloyd George

21 Jun 06 18:23

One of the great advantages of a Lloyd George file was that it could get lost when the need arose - the problem with electronic records is that they tend to hang around (even if access is interrupted!). The Audit Commission in 1996 reported that 35% of hospital records were lost or missing. I thought this woeful record handling until friends of ours found that their child's hospital records got 'lost' after a problem delivery. It is enough to make one cynical, particularly of doctors claiming to act on patients' behalf.

is an EHR beneficial or not?

21 Jun 06 18:29

I am greatly mystified by GPs focus on confidentiality. Surely an EHR is either bad for patients in terms of clinical care (so reject it on those grounds); of benefit to patients (so balance the good against [remotely] possible ill); or really not much use at all (in which case object purely as a waste of money). Given the scale of iatrogenic error (see IOM reports: Crossing the Quality Chasm) , clinicians should be looking far more at how to make medicine better and how IT can help them be more consistently good in practice. If it is confidentiality they are worried about then they should go after www.192.com (though admittedly that doesn't have clinical data yet, though GPs seem to be doing their best to make sure the Spine doesn't either)

We're not in Tannochbrae anymore...

21 Jun 06 18:41

I spend much of my work trawling through patient records, auditing care, investigating complaints, etc. In general, they're such a mess it's a wonder we can operate safely with this level of information to support clinical decision making. That's assuming the storage and archive services can make them available to the clinician and the patient in the first place.

I have attended an inquest on a patient who died because the GP practice couldn't effectively communicate his allergies within their own team. The vital information got lost because it was inaccessible in a bundle of papers.

GPs need to remember that they're not the only providers of primary and community health, especially with new schemes to manage chronic diseases and the move to NHS provided Out of Hours Services. Hanging onto data as if they were the only people who needed to know makes no sense in today's NHS. Ideally patients ought to know and carry their own data but many are too young, old. or sick to do so and some can't safeguard their own information because of their life circumstances.

Clarification...

21 Jun 06 18:53

Just to clarify - this article relates to the PDS. The PDS contains nothing more sinister than patient demographic details (hence its cunning name). These details are far more easily available elsewhere and are of no more use to a potential snooper than a telephone book or voters register. The security surrounding the PDS is actually very effective assuming that GP's and staff follow basic security measures - i.e. they don't leave smart cards in card readers, don't leave data on screen and unnattended and don't print paper copies off and leave them laying around. Any system will only be as secure as the people using it and in this particular case I can honestly say that I believe the security of the PDS and Spine in general are not going to be either a week point or an issue.

Tannochbrae

cclements1@mac.com

22 Jun 06 19:42

"Ideally patients ought to know and carry their own data but many are too young, old. or sick to do so and some can't safeguard their own information because of their life circumstances." This will of course apply to some of the population but should not prevent most of us having a smartcard with our medical record. What about implantable chips?If I had a serious allergy etc.I would feel much safer if I was "chipped". My wife was given a drug in hospital to which she had an adverse reaction because no one read the notes properly.

... and finally

nhstechie@btinternet.com

23 Jun 06 00:00

So GPs are conerned about their families demographic details being shared on the Spine? I've lost count of the number of GPs whose servers containing very detailed and confidential patient records on bog-standard unencrypted hard disks over the past 5 years. Banks, Credit Cards, Inland Revenue, DVLC, Insurance Companies, Police National Computer, Passport Office, Loyalty Cards ... for goodness sake let's get a sense of proportion.

Both positions have some truth

23 Jun 06 08:40

I feel that both positions have some truth. As a person with epilepsy, I would like doctors who are treating me wherever I am to have access to my full medical record. However if I were to apply for a job in the NHS I would like to be assured that no-one could check my medical record and draw their own conclusons. If I were to work in a biotechnology company (e.g. Huntingdon Life Sciences) I would not even want my demographics on the NHS system. I feel the two fundamental requirements are the PATIENT's right to choose whether their details to go forward or not and which elements of those details, and for access to be PREVENTED unless there is a link to a medical event. Audit trails are all very well but no-one looks at them unless an inappropriate access is already suspected, by which time it would be too late to prevent it and the effect on people's lives. If people had to fraudulently enter an event that had not taken place, it would be much more easy to audit inappropriate access. Is it possible to consider giving patients themselves the right, with proper identity checks and biometrics, to review their own record and who has accessed it?

No computer system is totally secure

23 Jun 06 10:07

Having told the Minister for Health that I want to opt out from having my records held on the spine, I was told to tell my PCT. Having told my PCT, after a long gap, I have received a 4 page reply telling me that I cannot opt out from NSTS, PDS or NHSC without leaving the NHS and becoming a private patient. They then go on to tell me that I could opt out from the NCRS via a sealed envelope etc, but they don't have the technology yet! Funny, because I'm sure I've read that Scotland has managed to do it. The fact of the matter is that no cumputer system is totally secure. I'm sure the Pentagon thought theirs was before a 16-year old hacked into it. I am less concerned about someone who knew me or was looking for me tracking me down through the spine, or a nosy receptionist. Every computer system is hackable if someone wants to do it. I have nothing to hide but surely I should have a choice about who my information is shared with. I have that choice with banks and shops. Why don't I have that choice with the NHS? Medical information is much more sensitive and personal than how much money I have or don't have, or what I buy at Tesco.

Real issue

23 Jun 06 10:33

First - I wonder how many people are either killed or harmed each year through lack of access to information, typos, missreading and why that GPs don't weigh up the potential benefits against the risks that will exst.

Second - I wonder if GPs are worried about security or the fact that under an electronic record future, I as a patient will become the gatekeeper of my care, not the GP. If I do not like the service provided by my GP - I will go elsewhere and grant access to my record to my chosen care provider. How much of this security scare mongering by GPs is related to this threat to their traditional role in controlling my healthcare - or am I being synical ? I no more Trust GPs and their staff than I do any other part of the NHS - in fact GP systems enable their admin staff to see all my clinical information, often in public reception areas. Perhaps GPs should be insisting their supplier put in role based access to remove the all or nothing access that certainly exists in the practice I attend, rather than atttacking the national programme. Maybe they could come up with practical suggestions on getting the right balance between the risks and benefits of sharing info - rather than this predictable ranting - or maybe the department should buy out their opposition as per normal.

guardians?

23 Jun 06 11:16

I can't remember appointing my GP as my "personal confidentiality guardian" Whilst i am gald that security issues are questioned and debated, I'm getting pretty sick and tired of GP's attitude generally, and to NPfIT /CfH in particular. Their public voice, political clout, and collective sense of self importance does seems inflated. One union Thatcher forgot to crush?

Re: No computer system is totally secure

23 Jun 06 16:46

Firstly, the demographics currently held on the spine and the Electronic Patient record (EPR) which will one day be available are two entirely different things. Firstly I could obtain your demographic data from multiple sources without the difficulty of obtining a smartcard and an N3 connection. Secondly, the role based access control means that access is granted only to those with a legitimate requirement - it will not provide universal access. Is it possible that, as occurs occasionally now, someone might access your records for nefarious reasons - yes! But unlike paper based records or closed clinical systems there will be an audit trial to lead us back to the culprit. The N3 network upon which this will sit is a private network - NHS access only - one layer of security, the Role Based access control to determine what an individual can access is another layer (usually this involves inpuut from a clinical sponsor or head of a service to ensure correct access is given to their staff), finally the smartcard with a PIN number is a further layer of security. There has to be a point where security and access is tightly controlled and monitored but does not reach a point where it makes access to the information held too difficult or long winded to be used effectively within clinical and non clinical settings.

If you think you have a choice about what information is held about you with banks or shops or any organisation that has large customer databases then I think you may be in for a shock if you ever investigate what details are held about you. The choice to opt out of a record should of course be available to you if you feel that strongly but since the purpose of making this information available to clinicians at the point of treatment is to enable them to make the best informed decisions concerning your treatment why would you want the clinician treating you not be as well informed as possible?

Re: real issue

23 Jun 06 17:13

"I wonder how many people are either killed or harmed each year through lack of access to information, typos, missreading.." - I raised a similar point here some time ago and recieved much malignment from clinicians who dismissed the argument along the lines of these incidents are so few as to be non existant despite these statistics being published in the national press.

The points you raise about GP staff having access to clinical information is a valid one. The clinical systems do have access levels that can be set however to ensure that different individuals have different levels of access. It may well be the case that these are not always used at your GP site. It is also the case that the staff manning reception often perform a variety of other administration tasks above and beyond what you see them do on the front desk and may legitimately need access to the clinical parts of your record.

Certainly one of the problems that face a number of GP sites is that their patient data is predominantly paper based and is not on their clinical system - which means that it would not be available to the spine in turn! This is despite the (finacially very rewarding) nGMS contract including a requirement for GPs to actively use consultation mode to record patient data. The Directed Enhanced Services published recently contain financial incentives for practices to move towards being paperlight and holding more patient information electronically.

I do feel strongly

26 Jun 06 10:19

Perhaps I would be surprised about the depth of information about me held by banks etc. but if it is beyond what I have agreed to, then I should have recourse. The point is, I have agreed (or not) to that information being held AND SHARED with certain people. Prying eyes at my GP Surgery would total 20 at the most. I work at a GP Surgery and know that most if not all of us, are far too busy to go around leafing through notes to see if there was anything juicy to find out about someone. I have not agreed or even been asked to agree to my GP information being shared (potentially) with 50,000 other individuals, for whatever purpose. Having an audit trail is of course something not available with paper records, but surely that is closing the stable door .....

On the fact of it the purpose of gathering health information really cannot be flawed. It is the scale of the storing of the information and the potential misuse of that information that I object to.

I have no faith in the Government's record with computer systems. In fact, I have no faith in the Government and would incline to the belief that there is a great deal more to be discovered about their unending plans to gather more and more information about us through technology.

I do feel strongly about who my information is shared with. I have the right under the Data Protection Act for that information to only be shared with those I choose. Why does the NHS seem to believe they are apart from this requirement?

Patients point of view

26 Jun 06 11:21

I for one am shocked at the way the health profession seem to be wanting to share our information.

Some patients, such as me, view their medical information as being extreamly private and feel violated when we find out others have been getting told about it Some us feel that we should be able to see our GP about anything and not have to worry about even other doctors/nurses gaining access to it, especially those in a hospital.

The health profession is not exactly the most pure of professions. Some of them have let doctors carry on practicing even though they identified them as a threat to patients, they have stollen organs from dead children, they have taught trainees to carry out intimate examinations on patients without patient consent (this only stoped because they got caught) and even though they denied us the right to access our records they disclosed our most sensitive informaton to researchers, clerical staff and others behind our backs (this led to the introduction of the Health and Social Care Act 2001) and if an insurrance company wanted to know about it, then GPs were all to willing to tell them (for a fee).

Should we patients, who are usually the last to get told about who is accessing our records (I had to find out the hard way that clerical staff at my practices were being allowed to access my records because it turns out that they are 'authorised users', nobody I have asked or they have asked knew about this) be simply told 'trust us' and get told we are not in a postion to decide who sees what and when? This has already left me feeling sexually abused (made worse because I was abused as a child).

It is no use saying that people will be punished IF they get caught (do you really think our 'guardians' will run arround finding out if there has been an unautherised access and then report it if it meant that it would show the syaystem is open to abuse, which would undermine patient trust and therfore the system?). That does not take away the feeling of hummilation, violation or the incrediable amount of emotional pain that they caused (which is made worse as wel have to tell others such as the GMC who have been accused of asking humilating questions and more interested in reputaions than protecting patients). Even where there is 'authorised access' this sort of harm and damage can be caused, and us patients are simply told 'opps' or 'get over it' then have the consent for the disclosure backdated to allow the continude sharring of that information. It is no use sying, 'don't worry, they have signed a confidentality clause, they won't tell anyone', the doctor/nusre was not meant to tell, others, but most do that every day. That does not make it any better, the fact that they know can be extraemally harmful and leaving the patient feeling abused, betrayed and humilated.

I have even had a subject access request changed. This allowed a member of clerical; staff that I had made a complaint against to have unresticted access to my GP records. And the reson that was given? They are allowed to do it. They have not had to say why. Will that be allowed with the new system? For example, you consent to limted sharing, but that is changed to unlimited sharing or you agree to allow one person access, but they can change that consent to allow others access? I even had a practice manager gain access to the details of blood test I had and not been told why she was given it. My PCT has refused to say if they hold identifiable medical data about me outside my practice. With doctors, practices and PCTs already being as transparent as a brick wall, why should we trust you?

So tell me, why should we trust the new system? Why should us patients be forced to tell every doctor/nurse our medical information (I have already been told that every doctor/nurse I see will be allowed to know every condition I have had)?

Patient confidentality is a moral and ethical right. It is a basic human right that we should be able to talk to our doctors without others knowing what we are talking about. There are some incredibly private people, I am one of them. We have the basic right not to worry about feeeling violated or extreamly embarssed when we see a doctor. We have the right to be able to undergo an examination that we find embarassing without fear of others knowing (I find people just know I had the examination embarassing, never mind what was found out). We should not need to ask our dovtor/nurse not to tell others, that should go without saying

Not the NHS

26 Jun 06 12:05

In response to the last comment, I'm not convinced that "the NHS" do believe they are exempt from any Data Protection requirements. CfH is being done "to" not "by" the NHS and the DH agency that runs it is arguably no more part of the real NHS, than Leeds is part of Lancashire, Leicester, Liverpool, London or Luton!

Everyone is right

26 Jun 06 13:22

Yet if you change practice another GP will eventually know your details. If you have to go to another hospital who request your records they in turn will know your details. I would rather know that useful information was available to the hospital in question to avoid yet another blunder due to lack of information. This issue can never be resolved otherwise it wouldnt have been raised in the first place! It's a simple answer of you should be able to opt out if people feel they have a lack of trust in the system....

don't believe (all of) the above!

peter.guberg@nhpct.nhs.uk

26 Jun 06 13:47

Please, please will the people who have added the above comments go and read the details of how security will work for these systems! Yes, no computer system will ever be referred to as impregnable, but the systems that are (will be) in place are far more secure than those used for internet banking (yet people still use them, as it is convenient). Only people who have a genuine need to access will be able to. They will need a smart card. Access will be based on their role (admin will not see clinical information). There will be officers who will investigate attempted breaches of security. GP's have done a fantastic job of keeping peoples data secure in principle (but there are many gaps in practice). Accessing the data is one thing, doing it without it being noticed is another. I do however agree that there should be a way of opting out. If people do not want the benefits of the system, then let them take that risk after it has been explained to them, along with the fact that some Dr's will feel uneasy about treating people where the records are not available. Do not assume that your paper records are secure. do not assume that staff in a hospital can access the necessary information they need without these systems. If we all stop making assumptions, perhaps we'll get somewhere! I have chosen not to include my name or email, not because I am a 'faceless coward' but because I take security seriously.

Access to clinical information

26 Jun 06 17:12

I read with concern about the security aspect of accessing data. I used to work in the Medical Records department of an Acute Trust. As part of my job I had to ensure there were patient labels in the casenotes, there was enough space for a clinician to write, there was a referral letter for new patients (and the details were correct against what we had recorded for the patient on our computerised system). I had access to a lot of clinical information but I was bound by my contract about confidentiality. I did see (legitimately) casenotes for peopel I knew but I would never look at more that I had to as part of my job.

Who do you think does all the filing of test results? The GP? No, the back office admin staff. Stop them having the access they need and you may as well stop keeping records as they will not be updated.....

The National systems will allow for updates to happen so when the patient tells the GP that they have moved, the spine will be informed and at the next appointment with the Hospital, they will know.

One other point. There are many patients who have never been seen in a hospital. The hospitals do not know of these people and do not need to know anything of them. When that patient does need to be referred then it is good that the relevant information can be sent to the clinician who will see the patient?

Much of the talk seems to point to the fact that people want to view this information. When working in Medical Records I had to view information but I did not want to do it, it was my job! There are many reasons as to why a member of back office staff would need access to patient records - updating the records is one.

Paper records

27 Jun 06 08:14

Look, electronic records are not like paper records! Admin staff can file them, without being able to view the clinical information. They can't just open the folder for a quick peek, even attempting to do so will create an alert.

All the staff will still have a duty to protect patients privacy. Doctors won't be able to just look up any persons medical notes, they will need to have a reason for doing so, and be involved in that persons care.

The new system will be better than the current system, which relies on physical security much more. When I visit medical record departments, I usually have unrestricted access to thousands of records!

I'm sure there will be lapses, and subsequent scare stories, as there are in all large organisations, but the fact is that they will be more widely reported than the current failings. One of the worst problems that the current system has is the loss of physical files. I am appalled at how often important medical information is lost, and the fact that there is no back up available. Electronic records have a better chance of being stored securely, found when needed, and backed up as insurance.

The possible risks are being taken very seriously, are being controlled, and are not as great as some would have us believe. The real risk is that information will not be available when it should be, as opposed to being available when it shouldn't.

updating information

27 Jun 06 11:11

I'm sorry. Let me get this striaght. You tell your GP that you have had a sore throat for a few weeks. He/she makes a note of that in your record and issues you a perscription. At which point do the clerical staff need to up date the patients records? The GP has just done that! The DoH, GMC, BMA and others all make it clear that if you want what you see your GP about withheld from clerical staff (and even other doctors/nurses), that you have that right and the GP should respect your wishes to withhold that information (unless your condition poses a risk to others, such as children or you have a contagieous disease). The idea that GPs are not capable of putting some basic info (which might only be 10 words, or in the vast majority of my information, less) into a medical record is rubbish! When I asked my GP why he went through my records just wrote some information down to pass it on, rather than just type it striaght in, he simply said "thats not my job". He had the time and was capable of doing it, but choose not to, just to keep someone in a job! This meant that the information was being accessed by others, not because they had a 'need to know' but more a case of 'to keep someone in a job'.

I am not compleatly against the idea of computer records, I have use computers a lot, so know the can be more secure (although the database becomes less secure when accessable from outside the practice/hospital). I do not think patients should be forced/scared into having their information put on a national database so that other doctors/nurses can view it at a latter date. If your GP is any good he/she will send the RELEVANT information direct to your consutlant (thats easy to do). I do not have a problem with that one. What I do have a problem with is other doctors/nurses be able to know all medical conditions I have had simply because they think they have the right to know (for example I was not allowed to visit an asthma clinic because I refused t allow the nurse at the clinic to know every condition I have ever had). Being a doctor/nurse does not give an automatic right to know medical information, depite what you might think.

Assuming your practice usees a computer, it is very easy for test results to be sent direct to your GP inbox. All they have to do is click on it to open it. At which point do clerrical staff need to know the results? If there is a problem (I for one find it unlikeley that clerical staff will be able to decide that one), the GP can tell the clerical staff to call you to come in or if it is all clear the clerical staff can tell you that. At which point do they need to know why you had the sest or the results?

Even when there is a need to see medical information, it is not always neseceraly to view the identifiable information. The only time that would be needed is if you are sending a letter or disclosing the information to others (which would require patient consent, which allows to doctor/nurse to tell them that clerical staff will get access to it) or if they were changing the address. For this to work, all the GP has to do is tell the clerical staff the id number of the patient (this can be changed). He/she then tells them information that could not be put in at the time.

As I said before, I am not compleatly against the idea of a computer record. I am also not compleatly against the idea of a central record. What I am against is that us patients are being left in the dark about who can access or information, what it can be used for, how it will be strored. With the amount of authorised users being extended all the time, then it will be easier for those users (which is likely to include social services among a list of others) to gain access.

As a patient I have had to find out the hard way that my information was being shared, some of it was on a national databse, my PCT and previous practices have refused to say if any identifiable or linkable medical information about me is accessable to anyone outside my practice, had a subject access request changed from 'sight of clinical information' to 'photocopies' (this allowed a member of staff I had made a complaint against gain unresrticted access to my GP records), had a practice manager gain access to a blood test report and had information that I had disclosed on the condition it was not known by anyone other than my GP repeatedly disclosed. The Caldicott Gaurdian for my area will not say or even look into why this happened. It seems that being part of the medical profession allowes those who did this to do what ever they want! I have had to ask others about who can access my records. Based on what I ahave been put through and the compleat lack of transparency of the NHS when it comes to data sharing, why should I trust the new system?

Doctors have for years used the phrase 'doctor-patient confidentality' I have even seen posters in practices that tell children that what they tell their doctor 'will go no further', yet what they mean is tell your doctor/nurse what you will tell every doctor/nurse, clerical staff, employers whithin the next year (I have even been told by one GP that if you want to work with children it would be exceptible for the employer to ask if you have ever ben sexualy abused!), insurance companies, researchers, social services, police and an ever increasing audience. While they were (and some still do) denying us access to our information (I was not even allowed to know my blood group because it was 'doctor privlaged information') doctors were allowing others to go through it, disclosing it for research, telling social services, and even insurance compainies had more rights than us (despite what the profession claims, most patients are not aware of how intrusive this datas haring is or will be). Considering the conditions/problems some people have (such as being abused, drug/alcohol problems, emotional problems, sexual problems or things they find embarassing) does the health profession think patients are aware of this? Do you realy think patients knew this before they told you they had problems getting an errection or that they had been abused as a child?

Trust is something you earn, it is not an automatic right. You might want to activly seek to earn the trust of patients BEFORE you put their information on a national database, rather than keeping us in the dark. Bearing in mind the way the health profession has acted befor (see a previous comment of mine) you might have a hard time doing so. Being fully transparent is the only option. Simply saying 'authorised users', 'need to know' or 'relevant information' is of no use to the public considering most do not know clerical staff are 'authorised users' .

Supermarket Data

27 Jun 06 11:33

Lets take a supermarket loyalty card. Hypothetically, if they were to analyse the data they hold, they could read between the lines and find out the following: 1. The time and day I regularly go shopping. (From this and my address they could burgle my house.) 2. How often I drink alcohol, what type and how much. 3. How much fat there is in my diet. 4. How much petrol I use in a week, and therefore roughly how many miles I drive. 5. How many people live in my house, from the volume of food I purchase. 6. How much toilet paper the X number of people in my house use, and therefore how 'regular' we may be. 7. They could work out if I really do get my 5-a-day of fruit and veg. 8. They would know (if and) how many cigarettes I buy each week. 9. They know if you are having a party. 10. If you buy mobile phone top-up cards, they know how much time you spend on the phone. In fact, they probably know more about my real lifestyle than my GP does. We could just give GP's access to all the supermarket data...

loyalty

27 Jun 06 13:22

Yes yopur right. IF yu have a loyaty card they might be able to work out some of the thing mentioned (from a security point of view, you should alway vary the time you shop) but they would not be able to even guess some of them (how much time you spend on the phone varies on your network and package. There is a difference between that and clerical staff and other doctors finding out your medical info (such as you have been depressed, abused, had sexual problems, drug/alcohol addicton). You can also decide not to buy your toilet paper and other things without your loyalty card and still be allowed to get them. With your medical records, you have no such option.

I do take the point that there are other things, such as internet banking, loyalty cards that allow others to collect info.

My point is that we should be allowed to see aGP/nurse without having to tell others about it (the only time clerical staff should have access to identifiable data is if they are disclosing it.

I would love to take art in NPfIT, but there are some information on my records that I would not want others to know about, even in an emergency. The only way I can avioud A&E finding out, is not to take part. Confidentality clauses mean nothing to people like me as it is the embarassment of people knowing that is the issue. From what I have been told by PCTs, doctors NPfIT, I will not be able to withhold information unless my doctor says I can. In other words I will be able to say no, but they can tell me tough luck and put it on the national syastem

The person above

helenwilkinsonmakey@fastmail.fm

27 Jun 06 14:08

If the person above me would like to get in touch I may be able to help. I am as a lot of you the Practice Manager who has being taking to opt out without success.

I am also on a pan London wide committee for sexual violence where I advise on health.

We do have very serious concerns regarding both PDS and the NHS CRS.

The so called audit trial will be joke. I tried to obtain my PAS audit trial the London Trust refused to give it to me as they would have to ask the permission of all the staff who had accessed my PAS records!!!!

With regarding PDS in my opinion it is not secure. You can return 50 records at a time. Also all stop-noting means is that someone has to contact the Help Desk for your details.

Also if an agency member of staff is their to harvest medical and demographic detials and goes back to New Zealand what comeback is there?? Also will the NHS be sacing its employees if they claim to have accidently called up the wrong patient??

To the person above please do get in touch I may be able to help.

Helen Wilkinson-Makey

re: Supermarket data

27 Jun 06 18:35

The comparison makes light of a serious issue. But to take the analogy on, I still have the choice to walk into a supermarket and pay for my unhealthy food and fags with cash and no-one need know who I am, if I want to keep that fact private. Second, access to that sort of data is not, I presume, readily available at the till to the person cashing up my food as demographics and clinic attendances could be to all 50,000 people working in the NHS unless event-related controls are in place (I would love to think that all of them as are trustworthy as the medical records correspondent but I know, having been responsible for IT security in a hospital, how many incidents I had to deal with). Thirdly, to some extent the data held is available to me so I can see what favourites they think I have and I can amend or delete my personal details. The clash is between good health care being supported by accurate information about patients and the right of individuals to keep some or all aspects of their lives private. BOTH ought to be possible with individuals allowed to retain control of where THEY want the balance of risk to fall. It's surely not beyond the wit of man/woman?

How many notes can you access in 5 minutes?

david@wirralgp.org.uk

29 Jun 06 19:43

Your comments above are interesting if a little repetitive. The point you seem to be making is that electronic security is better than paper security. In what way is it better? How, for example, can you access my paper record? Audit trails as have been pointed out, are accesible, but how do they identify someone who has 'borrowed' a 'smart' card? When do they identify the transgression? before during or after? The information held is another issue. There are comments about the information being 'ownd' by various people. Is there a difference between the information a GP gains in a consultation and what is recorded? How is the information filtered before it is entered? The kind of 'Ownership' here is an abstract concept which seems to be purely administrative, rather than the reality of the ownership by the patient or the clinician.

Computer security v paper security

30 Jun 06 10:24

Computerised records can be more secure than paper, but the potentila risks if there is an error is greater in some respects. Paper records are insecure in relation to the peolpe that handle them. In a GP practice for instance, most of the staff are able to access them (in some cases). They are prone to being lost or misfield, and badly cared for notes are often in a mess with pages falling out. They rely on physical security, and the good intentions of the staff that handle them (fortunatley, I think that most staff are professional in their attitudes). Computer records open up a host of problems, in that potentially anyone connected to the network will be able to access them. However, I believe that the security that will be in place will be effective, although it will still require staff to follow procedures. Staff will require a smart card, and a password. Staff will also need to have a clinical reason to access clinical information, therefore the potential number of people who access information will be very limited. This will be handled by a role based access system, which will/is taking a lot of work. Very sensitive information will have even stricter controls. Some comments above suggest that audit trails are like closing the door after a horse has bolted, I disagree. I think the fact that a detailed audit trail is left provides a very strong incentive to use the sytem properly and professionally. If a breach occurs it should be possible to identify that it has happend and take appropriate action. I am very much in favour of an effective system to opt out however. I don't think it is right to force peolpe to have their records computerised, and I think that everyone should be allowed to make this decision. I think that there should be very clear guidance on who can see and even on who is allowed to ask you for your medical details. I think that the case of Helen Wilkinson-Makey is a good example of the need for this, unfortunately I don't think that it has had the correct effect. Surely after highlighting how difficult (impossible?) it was to get data corrected, the people responsible should have put procedures in place to ensure that these errors could be sorted out quickly, simply, and efficently, so that we could have some confidence? Many clinicians that I deal with are against any opt out, so I believe that there is still a need for a healthy debate on some points.

RE: Computer security v paper security

30 Jun 06 11:47

Electronic records are more secure, but only if thaty are made secure (such as controled access with passwords), I don't have a problem with that. It is the way the new system will work (or possibly not work) that I have the problem.

It has already been pointed out to me by PCTs and the DoH that it would be possible for any doctor/nurse I see to know every condition I have had, even if it is not relevant. All the new system will do is record what they looked at and possible issue an alert if they access something they should not have. The prioblem is taht some PCTs/medics already have an attitude of 'anything' that is medical could be relevant, therefore should be available to those providing care. This means that even if you chest infection from 3 months ago is not relevant to that bang to the head you had, it will be known by those providing you with treatment for that bang to the head. They might not be allowed to know the details of that infection but they will still be allowed to know you had it. In the past, they would not have had access to that information, it is things like that I am against. You also have to remember that the list of those who can claim to have a 'need to know' has been extened over the last few years and this is still being extend.

Medics do not have to like the idea of some of us opting out, they just have to put up with the fact that patients have a right to decide not to risk their privacy and dignity.

As for the audit trails. sorry, but thats a laugh! Are the DoH actually telling us that a computer will decide if an alert is issued? How will the computer decide if accessing the information about that chest infection know if an alert should be trigerd? When will these trail be checked (bearing in mind the amount of trails that will be created)?

The best way to protect very sensitive information is to leave it off the spine all together. If it is not possible for it to be processed by a computer at the practice/GUM clinic/hospital without it going on the spine, then that is just plain stupid (in fact it sound like they would be say 'don't let it go on the spine and we will put it on paper and run the risk of others knowing about it'!) You also have to remember that what one person talks about openly, is feircly protected by others, even the NHS reconise that one. Who will decide if it is 'very sensitive'? That chest infection might not be viewd by most people as 'very sensitive' but that does not mean the patient should not be allowed to withhold it from the spine (even if the sealed envelopes work, and thats a big if, they can still be opened without consent). People like me put the intrusion into our medical information at the very top. I don't care if it's something like a black eye, twisted ankle or an STD, to me and a lot of others, keeping that information private is what is important. I don't care if you are a doctor/nurse, if I don't want you to know, I don't have to let you find out or tell you. If that bothers you, get over it and move on! The minite you bring the degree of sensitivity into a descion, things go down the pan because everyone will have a different view and with patients being encouraged/sleep walked into being more open about our medical information, sooner or later the concept of medical privacy will be resigned to the history books (researchers are already allowed to collect information from GUM clincs with identifiable data such as BOB, post code, NHS number and even insurance compaines can ask if you have ever been tested for an STD/STI).

All I am saying is that patients should have been asked, they should be told in clear terms who will know their information, who can ask for it (even if that means them not telling you they have a problem) and more importantly, have the right to refuse to allow information to be shared or stored on the spine. They should be able to do this without the medic trying to influence them (I think if a 14 year old can have an abortion without her parents knowing, she is mature enough to decide that none of her information goes on the spine) and without being scared into it (the idea that your standard of treatment will be lkess than now is just scare mongering as the consultant will still be sent the relevant information and even in the future those in A&E will be too busy trying to save your life to check the database for alergies you have, meaning you should still carry that sort of info on you). This also raises the question about future choices. For example a 7 year olds parents decide their childs information should go on the spine, should that child then be allowed to decide at a latter date to remove his/her information (see the abortion bit), or will they simply be left to follow everyone else and be forced to accept it and the consequeces? A case of, 'follow socity or be denied treatment'. That is imoral and un ethical. Patients are not idiots, so do not treat us like one. Most of us are mature enough to make choices (even choldren can make life or death decisions) so let us decide based on the facts in a clear way, rather than a way that is designed to scare us (by saying things like it could cost ius our life if we opt-out) or in a way that has got political spin on it.

There were/are other choices open to the DoH when it came to increasing the ways information culd be passed on, simply because they opted for a system designed my IT (who will make a fortune out if this system that is no more effective than other systesms desugned to oush relevent information to the relevant consultant) does not mean we patients should be forced to let people know even more about our medical information.

Audit trails

30 Jun 06 12:00

sorry, forgot to mention something regarding the audit trails.

When you consider people like Helen Wilkinson are not being allowed access to the trails, how are patients meant to know who accessed what and when so they can decide if they want to make a complaint against them?

My previous practices will not only not say who accessed my information (they use computers so it should be possible to know) my PCT/previous practices will not say if any of my identifiabl or linkable medical information has been accessed or is is accessable to anyone outside my previous practices.

With that level of secrecy already in place, what will make the new system any different?

I really hate to make light of this but....

30 Jun 06 20:00

As the PDS only currently stores demographic data right now (that's what the "D" stands for by the way) Then the ability to look at every illness people have had ever is unavailable.

Furthermore. There will be a sumamry record. Look up the definition of "Summary". It definitely does NOT mean detailed. I work for 4 different trusts that have all gone live with the new system and the only information people have been able to get from the spine is information that is readily available on the elctoral roll, information that many people eagerly enter into ebay membership forms, hotmail account forms, yahoo membership forms. I defy anyone reading this not to appear on a database somewhere. Your GAS company probably sells your information on to third parties every day. Ever wonder why you get junk mail? ever get any from the NHS (apart from appointment letters)? The hysteria drummed up by people is ridiculous. I am all for an opt out system. but to suggest that the NHS doesn't take the data protection act seriously is bull. Everyone that sits in a half day presentation about the sactity of personal information and how the caldicott principles affect the way we work will tell you that. But its the media that people listen to.

I have had enough. GPs hate the system because they don't want to have to build the stuff into a 10 minute consultation. Faxing a referral is not the best, most secure way of doing things, but they hate choose and book because its not secure. Hypocrites. Patients don't want people to know their health record but they would be the first to sue a Tust if a drug that they were allergic to was administered. Hypocrites. Admin staff,like medical secretaries for example shouldn't file notes away.Ward clerks shouldn't so much as open the notes, but the first whinge that doctors have is that they were trained to cure patient's, not do filing.

Lets examine what we want the health service to be.... then add some common sense. The CfH programme could help SO much. Stop slagging it off and learn about it so rants like those above don't take place.

I really hate to make light of this but.... You are absolutely right.

02 Jul 06 23:17

The poster of the above message is spot on with his or her comments. I posted earlier on in this thread stating that the PDS only contains demographic data that is available from many other publically available sources (telephone directory, voters register etc etc) yet these facts seem to go unnoticed by the majority in order to dramatise the matter and create scare mongering headlines. As a software developer I have worked on PDS integration into existing systems and I can assure you that it's security if anything is way over specified for the data that it contains.

Certain GP's appear to be looking for any excuse to boycott the new systems because they may have to spend a few minutes using a computer rather than scribbling unreadable notes for the admin staff. If GP's wish to take issue with the new system then at least find something credible to complain about - the security of the PDS is not one of them. Try using the new system and providing constructive feedback for a start!

Anybody with any knowledge of either the PDS or the security of the spine will already know that the GP's responsible for urging the boycott have no clue what they are talking about. I'm sure those same GP's know as much about computer security as the developers of the software know about medicine. Those same developers have to place their trust in their local GP for treatment because they KNOW that their GP is the expert in that field - show the same courtesy and stop looking for any excuse no matter how ridiculous to reject change.

Supporting the GP

03 Jul 06 09:57

I have working in secondary care IT for 15 years and now work with GPs. They are not anti C&B or technology far from it, but they are against having to use something that is not robust and increases the pt consultation time and could leave patients worse off, the problems are complex and until you visit an inner city surgery with high percentage of non english speakers/elderly or vulnerable patients trying to use it please do not judge. Some of the problem is how the issues have been handled and lack of clarity. There needs to be a clear engagement of clinicians, a different approach from all sides and some serious clear leadership. Issues around confidentiality and liability need clarifying and we need to get on with it! There is far too much political interference winding up those few who have issues rather than addressing them. As a health community (Trusts, PCTs, LSPs, GPs, BMA & GPC & uncle Tom cobley) it is time to admit which bits are wrong, or could be improved, sort out the problems, get rid of the ridiculous 'targets' and implement something that is good, fit for purpose rather than something that can be used as a football or for electioneering. Whilst recriminations continue we gain nothing and serve no one. Time to lock all the leaders in a room with only water and not let them out until they sort the unlerlying issues oout. In the mean time let us all do what we can.

re: making light of it....

03 Jul 06 12:00

Just a couple of points to add to the debate:

You can now only access your entry on the electoral role. Yes our demographics are traded for marketing purposes but that is different from our medical information. Yes the NHS take data protection seriously, but there are and will always be flaws in the systems and practices.

Yes the system will just be a summary, but hopefully that will change (if this argument is resolved!). But from some of the comments above I think some people will object even to that. If people choose to opt out, and suffer for it, I'm sure the courts will take this into account.

I come across clinicians who are for it and against it, and I think that this tends to be influenced by their own computer skills and technical understanding.

Making light of it

robbiecarter@realityleak.fsnet.co.uk

04 Jul 06 18:17

"...Yes our demographics are traded for marketing purposes but that is different from our medical information..." - Which isn't on the spine yet and in any case will not be subject to data marketing as it will be on a secure NHS network.

The most important paragraph in the above post is the final one and the one that is the reason for every single debate about this new system: "I come across clinicians who are for it and against it, and I think that this tends to be influenced by their own computer skills and technical understanding." I have come across GPs who have been hostile to myself and my colleagues (as IT Training officers trying to HELP them with the new system) before we have even turned on a computer, I completely agree that some GPs are "pro" the whole system but the number of GPs that are entirely resistant to it, and gleefully follow the ulterior-motive-driven orders from their LMC far outweigh the number who are actually willing to give it a go.

...Speak of the Devil

preston.demendonca@nhs.net

07 Jul 06 00:23

My name is Preston de Mendonca and I am the GP who proposed the motion at the LMC Conference that GPs and their families should consider removing themselves from the PDS spine.

I think that the above correspondence needs to re-focus on the proposition. My motion concerned the Patient Demographic System(PDS) only?We are some way from uploading your clinical details onto the spine.

The PDS is not like the electoral roll or phone book?It is the most up-to-date address book of just about every person in the land?all of us including our children.

The opening up of the PDS to 50-100,000 and possibly more new people GPs and their staff, should alert everyone about the wisdom or disbenefits and unexpected consequences of holding such access/power.

With massively increased access to the PDS, it is not just the addresses of celebrities and interesting people which are at risk, but anyone of interest to any of the cardholders?and anyone with soft access to a card holder. It is this massive increase of individuals able to access the whole PDS, which is the security risk - hence my phrase "a lock with 50,000 keys cannot be secure"

Irrespective of professional/ethical principles, staff training and penalties for unauthorised interrogation (if detected) of the PDS,it is naïve to expect to expect cardholders to simply wonder.."..whatever happened to baby Jane?" when the answer is within a few clicks of the National Address book at their fingertips.

If you are merely of interest to any cardholder, anywhere in the country, they can find you. Do we really want/need this for everyone, regardless of whether it is in their interest?

In all the arguments about ?the greater good - and "it is all available elsewhere"(it isn't),on needs to consider what John Stuart-Mills called; in his essay on liberty "the tyranny of the majority" when the wellbeing of individuals are sacrificed for the perceived good of the majority. My motion advising GPs to consider removing themselves from the spine reminds the Profession of their liberties and act as an example to the Nation.

As your personal physician, your GP should foremost consider, the information you give him, to be private and confidential and to be applied for your benefit above all others if not, there is no trust to be had and all else is subterfuge. Your details on the PDS will be mainly updated by your GP(staff) who are at the front end of the massive database.

Finally, as a practical exercise: find out if your Caldicott Guardian knows how you can be removed from the PDS and how quickly - now repeat the exercise as an ordinary member of the public. What chance for those who have need to be leaves in a forest, but are not aware of that need?

Demographics only? What about ID cards?

10 Jul 06 10:32

Thank you Preston for reminding us of the basic issue at hand. I'm sure many of the posters above would agree with your assessment and motion, however I think that they are right in looking forward to the ultimate end of having a full set of clinical information available across the NHS. Perhaps it is time that we as a nation looked long and hard at these questions, because they are not just in the health area. There is the possible introduction of a national ID card that may be mandatory. The ID card plans to store 39 pieces of information about you plus 3rd party information about the person(s) who vouched for you (often your GP). I hope that this doesn't happen. If it does, how long will it be before they want to link this to your health record? It has already been discussed. How many keys will there be? What about the TV licensing authority? They have the biggest address database in the country, for a very dubious reason. If you don't have a TV (and a licence) they still hassle you. Given the governments inability to get most of their IT projects to run successfuly I can understand the feelings of trepidation. Hampshire and the Isle of Wight have loaded patient information onto a system (1,250 people opted out, although not everyone received the leaflets). The difference with this system however is that staff have to get consent face to face before they can access the data. Perhaps this could be a model that could be applied to the national system? I hope that agreement of some sought will be reached soon, after a proper public debate. The information belongs to the individual, not to any of the professionals responsible for recording it, or the organisations that hold it. One thing though, I hope that the information can be anonymised and used for research, as that would be incredibly useful.