New NHS medical records database

[boiledeggandsoldiers]

The NHS are planning to put our medical records on a national database. Article

I can see that it could be an advantage to be on an easily accessible database in a medical emergency, but...

medical records are highly personal and government databases do not have a good track record for security. Who remembers the names and addresses of every child benefit recipient in the UK being breached?

Are you aware of this and will you be opting out?

This has been in the pipeline for years and years. I will not be opting out as think the pros will outweigh the cons.

It worries me who will be given access to them in the future....

I won't be opting out as I have nothing to hide/worry about.

It isn't about having anything to hide soupdragon. Why assume that someone opting out has something to hide?

My concerns are:

Govt record on security for databases is not very good. I don't want my information ending up with someone that may use it inappropriately if the system is hacked.

The information provided about WHO has access to the data is woolly, and this could change in the future as thelunar66 says. I don't mind NHS staff seeing my records as part of my care, but I wouldn't particularly want anyone else having access.

If I thought there were no advantages to the system I would opt out without really giving it any more thought, but I can see how it would make health care easier, particularly if you were away from home and needed treatment, for example.

I'm undecided TBH.

If any NHS workers are out there, I would be interested to hear your views as well.

At the moment substantial parts of your medical record are already being held on-lione in the computer systems operated by you local Trust. The rest of your record is in paper form and is only safe as long as people keep it where they should and take care of it. Which we do (am NHS manager).

Putting everything on line isn't going to make your data any less safe. It may make you more safe though - when you have a heart attack in Dundee whilst your home hospital is Bournemouth....

thlunar - anybody who has access to records should only be accessing them according to their particular role and for work purposes only. We take that very seriously and employees who breach that are dismissed.

I had letter about 6 weeks ago about this.

Couldn't see the problem myself - only the advantage of ease of information being accessed by medics should the need arise.

Thanks Northernlurker, my GP pulls up my details on a computer when I see him so I did wonder how that fitted in.

It's going to be a massive data entry operation isn't it?

Converting paper to IT is yes. Getting the IT we have now to talk to the new IT hopefully shouldn't be too traumatic....
Lots of our systems already do this. I work in renal and there is a website patients can use to access blood results etc. That website is fed by our specific renal system which is in turn fed by our local hospital system that has blood results entered on to it.

I don't work for NHS but work in information management. As Northernlurker says there are very strict guidelines and laws about who can access what information about you and what they can do with it (this goes for everywhere not just NHS).

The breaches that have happened previously were terrrible but largely have been when people haven't followed rules - i.e. you aren't supposed to copy material with sensitive personal info onto laptops, CDs or stick drives and carry them around with you. You aren't supposed to send sensitive material through the regular post etc.

If this database is designed correctly it could improve care and make the NHS a lot more efficient.

In theory I don't mind. In reality, I was working with anonymised Health Authority records 18 years ago cancer epidemiology research and we took very seriously the confidentiality of the data.
BUT, we're dealing with real people and databases that are designed to be quickly accessible (else there's no point). And real people have a knack of blowing it... leaving the disks around, forgetting to log off a secure system, letting laptops get stolen, attracting the interest of someone who can afford to pay for very professional Eastern European hackers....

I still don't care about my personal data being nicked & published, but I'm sure it would be very bad for some people if it happens -- and it will happen.

How would the design of a database ensure that people follow the rules?

I appreciate what you say Northern about security. I work in the NHS too.

But it's the future I'm thinking of. I remember when DVLA info was private and now it is sold off to private firms who run car parks!

Sorry, but I just have this niggly little paranoia.

As I understand it you will only be able to access information according to your 'role.' Basically that puts the information in boxes and you can only see what you need to be able to see. Some staff will need to see quite a lot - but that's inherent in their job and you want them seeing all that.

thelunar - do you really think clinicians would ever countenance such a thing? I don't. Anyway even if they did - there is nothing especially vulnerable about an electronic record. The same could also occur with paper records. If we wanted to sell the data on your rectal bleeding, cataracts and counselling we already could using the records we have now.

So if there is no reason for the dermatologist to see about someone's mental health problems, they will only be able to look at the relevant info?

It should be easy enough to have a database which facilitates this but will they put the money into designing the right database is the question?

Here's the latest according to the Big Opt Out.

Protecting mental health records is one area where I think we do need to proceed with due caution and define things very tightly. I've no reason to think that won't be done.

Juule - that website does very much have it's own axe to grind and it's misleading to say all NHS staff have access to your record. All NHS will have access to part of your record yes - but they need that to do their job. I will have access to part of your record (I assume managers are included in the 'officials') but I need that to do my job to your benefit.

Speaking of my job - I need to get back to it now but I'll be on-line later.

Databases can easily be designed so that you can't download it to a disk / laptop, automatically logs you off after set period, forces you to change your password regularly etc.

Your gp might need to see YOU have a certain disease to send you for follow up tests, while someone from accounts might need to see how many people have been diagnosed with that disease per year, to budget for those treatments correctly - accounts person doesn't need to see your name, just the dates of when people are diagnosed. Having all the records in one format and system should make this much easier to work out (therefore, cheaper admin costs for taxpayer).

Long term thinking is also important, they need to maintain database correctly so it can't be hacked or misused ever. Some governments even hire hackers to attack their systems so they can close loop holes that they discover.

I've already opted out. If I had a serious medical condition or were on a cocktail of drugs then it may be different, if the information could be accessed anywhere in an emergency. But that does not apply to me, I am fine, but I also have some highly confidential stuff in my medical records that I tried to lose years ago and frankly I do not wish for any information to be held in a database. I have friends and colleagues working in high positions within the NHS and I don't want them to be able to see my records.

Our letter said it will only hold details of what drugs you are on

And anything else will have to be agreed by you before it is added

I believe the info will be lost
I am sure this system has cost loads more than predicted
I doubt it will be secure
I am sure people will look people up when they shouldn't

etc

But for now if it's only medication going on.
If I was on medication for something personal I might think differently

"How would the design of a database ensure that people follow the rules?"

I am a fairly lowly NHS clerical worker. The patient information database I use for my work has several fields greyed out, that I cannot access, as this is not deemed necessary for my work. When I started work, my manager signed the form to give to IT, listing which areas of the database I would need access to, to carry out my job. As northernlurker has said, the NHS takes data protection very seriously. It is made crystal clear to staff that they should only access information when necessary for their job, and they will be disciplined if they step outside that.

Also the database is set up so that there is a warning that you face an automatic audit trail if you try and access what is deemed "sensitive information" on the system. The example we were given when training of sensitive info was religion - I have never had a reason to look at this field so dont actually know what else would be covered!

crumpette, you know you can apply to have your records changed if you believe they are inaccurate? here And if your friends or colleagues looked up your records for no good reason, they would have broken the law, be liable to a fine or even prison.

I remember when DVLA info was private and now it is sold off to private firms who run car parks!

Hmm I wonder if insurance companies will be interested in my medical records - the NHS could seel them off to rasie funds and leave me with a lot less privacy as to who see's my records.

No I don't have anything to hide and my medical records are not very thick - but what is there I really only want a medic to see.

Will Victoria Beckham be on the same system as me?
Will Sarah Brown be on the same system as me?

I didn't think so.

If the security is not good enough for them it's not good enough for me.