De-registered patient and medical records

[Pseudonym99]

If I am no longer registered at a GP practice, where would my medical records be kept?

If OP had been made aware of how her data was used ie the HCP told her as made of consent process in the consultation she would not been in this situation. The Montgomery case is very helpful patients like OP need to be told how their data is used so they fully consent. This is the crux of the issue.

Tipsy - how exactly do you opt out re: section 251?

OP - I have pm'd you.

um, wait, so Tipsy's neighbour talked about her health on a public forum & gave her own 1st 4 postcode... that's nothing to do with how easily unauthorised people can get hold of NHS patient data and whether that info is used wrongly.

1st 4 digits of a postcode is like... SW15? TN4? That much postcode would cover about 30,000 people in my area. The neighbour must have given some very specific other identifying info.

It is oldtrout as it proves how easy is it to identify someone from two pieces of supposed unidentified data.

Govan- Contact NHS organisation concerned. Useful to point out Montgomery judgement and ask them how they are complying to "fair processing" under the DPA too.

Tipsy, does the 1st 4 digits of your postcode cover only 2 houses, or not tens of thousands of people anyway? Is it a thyroid condition that only affects one in a hundred thousand people & you already knew your neighbour had it?

Our postcode covers our small town. She is well known figure. As people knew her they immediately put two pieces of information together. Yes I asked her and it was her! So they had made correct connection. Actually she is the local busy body

There are 3000 postcode districts or 9000 postcode sectors in the UK (source 1 and source 2). So on avg. each sector has about 7000 people in it.

Somehow, Tipsy knew precisely which of her 7000 neighbours in that postcode sector posted about their thyroid condition.

xpost... so you had to ask to know for sure... anyway, I guess if you think that people who are authorised to access the data are going to misuse it, then that's what you're determined to think. In that case how could anyone ever trust their own GP not to misuse the data, really. One of my work colleagues also works PT at my former GP surgery. Guess I better be nice b/c I'm sure he could quickly access all the dirt he wanted on me.

Only one postcode for my area! Her first name gave it away and the fact she is the well known busy body. Plus not 7000 people in my town. Where did you get that from? She was horrified two bits of information could out her information in the public domain.

Thanks Tipsy, I will do that. I was stunned the other day when a friend mentioned that their temp job gave them access to all deceased new mother's info without patient or family consent under that act. Part of their job was to remove names and identifying details etc.

Quite this what goes on without patients knowing about it. It is why consent is so important. Some patients are fine with it others like OP it causes them immense distress. We need complete transpancy and patient consent.

trout - there are systems in place to ensure things like that don't happen. My trust monitors all our electronic clinical access via a system called Fairwarning.

If I inappropriately access a colleague's records, or check my own blood results, (i.e. look at anything I'm not supposed to) then the system flags this up. It's an instant disciplinary hearing & will result in a first & final warning.

Still happens though. Gordon Brown's records were accessed my a doctor in Scotland. It was deemed not appropriate to push this into the public domain. Trusts may have a warning but NHS Digital has no audit trail for records given to third parties nor do they audit regularly what happens to SUS/HES records after they have been given to private companies etc. This makes a mockery of a Trust's warning systems.

The first 4 digits can cover 1000s of people. eg postcode AB1 5

In my area the first 4 digits cover one town pop 35K, and at least 3 smaller outlying villages.

You could not find anyone from 4 digits unless you lived in a very remote area.

Even our complete postcode covers our road which includes around a dozen other homes.

Tipsycat that Consultant was fired for his breach of confidentiality- and rightly so.

Yes it is rural and an unusual postcode area. I posted to highlight data can be connected and SUS/HES records are a much more rich dataset. @Pollyperky

Fired fine but too late damage to the patient has been done. I think that is a case of after the horse has bolted.

So the 2 bits of info were the postcode & her first name... she told everyone online half her postcode & her first name in an area where the postcode sector = postcode unit. But still you asked, so maybe even the postcode & name were not that definitive?

There are about 65 million people in UK & 9000 postcode sectors, then (divide 65 million by 9000) that works out at an average > 7000 people per postcode sector. That's why first half of postcode isn't usually very identifying.

A great deterrent though! Staff know the consequences of breaching confidentiality.

I don't see how any Trust could have anticipated his actions. He needed EHCR access to do his job properly. He accessed but did not disclose. Very foolish - he would have fully understood the consequences of his actions.

Agree oldetrout my point is sometimes it can be geniuenely identifiable. I have since spoken to busy body neighbour as people were coning to me saying did I know about X. This is genuine. In no way is it made up or exaggerated. I emailed Medconfidential and sent them the info after I checked it was X.

@Pollyperky I have been reading your menopause posts they are fabulous

"QOF chasing generates income GPs, in my experience, are terrified patients find out this as it may affect their bottom line"

Another ridiculous comment. No GP is "terrified" that patients find out they are reimbursed for carrying out smear tests. As I said before, you are merely showing your ignorance of how NHS primary care is funded.

Lol I am howing knowledge as you admit it is correct and GPs are reimbursed. Yes GPs I know are worried/terrified it would affect their income and patient good will. One only has to read the closed GP forums they are fully of patient blaming/income generation and generally slagging patients off. Closed groups like Emis and SytemOne groups are again all about income generation and how to code correctly to get ahead on QOF. I have worked in primary care and was vetted to join them. Can I ask why are you a so against full transparency over these issues? The same applies to Trusts re HeS/SUS too. The issues do not only primary care but secondary care as well. It is not only transparency its about being legally complaint re DPA, GMC and the Montgomery case. It horrifies me patients such as OP are placed in the position of being unable to access care due to lack of transparency in the NHS and failure of the NHS to be legal complaint and obtain fully informed consent.

Of course GPs are reimbursed - do you think they work for free? EMIS and SystmOne are clinical computer systems that hold medical records, not "closed groups". That you once had a job in a surgery is the most "terrifying" thing going on here.