New NHS medical records database

[boiledeggandsoldiers]

The NHS are planning to put our medical records on a national database. Article

I can see that it could be an advantage to be on an easily accessible database in a medical emergency, but...

medical records are highly personal and government databases do not have a good track record for security. Who remembers the names and addresses of every child benefit recipient in the UK being breached?

Are you aware of this and will you be opting out?

That's pretty much my GP's opinion too Darrell.

I'm also interested in what effect this will have, if any on us obtaining copies of our health records. Will any paper-based records exist? Following a problem at my local hospital which almost resulted in the death of my dd I obtained copies of her records. The errors made were evidenced there in black and white. Would this new system allow for retrospective amendment of records? How would I know this had or had not happened. I realise I may sound a little paranoid here - I suppose the good thing is that the records couldn't be mislaid which convenienty happened for a while in our case.

DarrellRivers
I am also a health care professional who has access to lots of info currently.
I don't want random people being able to see the records.
I don't believe as the leaflet says 'the staff will always ask you permission to access your record'..and then goes on to add a proviso along the lines of unless we need to.

If incorrect information is adding (or not added) to your record, how long and how difficult will it be to get it removed? Will anyone believe you;

"Oh but the computer says you had your right leg amputated 5 years ago so why do you want two crutches" to someone with both legs (ok I'm exaggerating but we all have experienced the 'well the computer records have it so it must be correct' scenario.

We have got the forms to complete and they're going off to the GP asap - I am not having my details on there.
Also the opting out leaflet says once your record is on the Spine it can't be removed - just hidden and then it says if staff consider it really necessary then they will be able to access hidden records - even if you have requested the information is taken from view.
So bear that in mind - once somethings on there - it may be there forever!

I'm frankly stunned at the HCPs on this thread who are using the perceived vulnerability of the electronic record as a reason not to participate and therefore it follows they think that medical records aren't vulnerable at the moment? Are you followers of the school of thought that says the cardboard folder surrounding case notes has powers beyond the wit of man and will resist any untoward intervention just by the power of it's manila styling? I just don't see the difference. The NHS has certain information on me - I like that it's available as easily as possible to as many people as possible as long as said people respect my privacy and are trying to cure me not sell me something. I've heard nothing about the electronic record that makes me think otherwise.

Actually I'm very aware of the vulnerability of paper records, having several years ago (and a different hospital) found a stack in a corridor outside a meeting room for an MDT. The door was locked so someone had left there.
It was in a secure area of a building but still accessible to other staff who had nothing to do with the care. Yes I did complain.

I agree with you - it will mean that more people can access the records than paper notes and I don't see that as a positive thing.
People they may not need to access them, they can then add information that may/may not be relevant (or indeed if it is about me at all!) will make the situation worse, IMO.
And what about staff sharing log ins, smart cards etc. We've all heard stories about busy wards, juniors drs using the one log in to access Path results.
I've had colleagues ask me to log them in because they've accidently locked themselves out and don't want to wait on the phone to IT. I refuse.
I see enough problems on a daily basis caused by similar names, wrongly assigned NHS numbers to put me right off a system that may perpetuate and spread errors.
How long will it be before private firms are contracted to run it? Then 'anonymised' data sold off for use in studies or to insurance firms. Once the data has started to be collected the possiblities are endless.

Wow, lots of responses, thanks. So as things stand at this moment in time, the information that will be added isn't particularly sensitive and although the system isn't perfect, the paper records are not either.

If we give our presumed consent now but are not able to withdraw our consent in the future, I find that more concerning. If it is decided later down the line that insurance companies, or other government agencies will be allowed access to the data, there are no guarantees that we will be able to prevent our information being available to these organisations.

Once we have given consent, is this for the information to be added on this occasion, or will additional more potentially sensitive data fields (not just existing data fields being added to)that be included in future versions?

Lots of questions for my local PCT!

The argument re security exists with both records
The difference NL is that records are held locally currently rather than nationally
That sure as hell cuts down on the amount of people able to view them

True.

SPBInDisguise

Apologies to non IT people for this posting, it is boring and nerdy and directed at SPBInDisguise!

In my humble opinion as an software engineer (not a database specialist) you could have a two tier approach to the database security.

On the first level you use integrated security to ensure that the user login only has access to certain stored procedures and functions, and never the base tables, this immediatly puts you in control of the in-flow and out-flow of data.

On the second level you implement application security at the stored procedure/function level, each execution requires a security token/session id to be passed into the sp/function, it does reduce performance but of well designed not so far that it becomes unusably slow.

Once you have this level of control over the data flow, you can make it impossible for a user to say download 100's of users sensitive details, you can set configurable caps on how many users details can be pulled up by that user in one day, fire off warning emails etc..

Hope that helps with your development...

To everyone else, yes, a well designed database can make it very difficult indeed to steal large quantities of sensitive data.

hmmSleep, of course the Child Benefit data breach was just down to "some idiot" losing discs and, of course, said idiot had done something he or she should not have done. I don't doubt that this system will not necessarily be subject to that kind of breach. But is it not the case that it is dangerous to underestimate what "some idiot" will be able to do. There will be some other way that "some idiot" will get round the carefully designed security and confidentiality safeguards of this database.

I am also a HCP though I do not work in the NHS or in England or Wales. However, I do work with information about people and I entirely understand the desire and the advantages of making the information more accessible but I totally mistrust any assertions that the data will be invulnerable. It's just not plausible.

totallydifferent, nobody is saying it will be totally invulnerable, but that it will be more secure than how most of the information is currently held and stored.

It just seems odd to me that people have happily sat back and allowed their information to be stored in a very insecure way for years without complaining, and now it is being changed to a more secure system is when people start complaining. I think it boils down to the fact that people just don't like change.

It's true that paper records are insecure. Certainly that makes it easy for someone working at the local surgery to view my records, which I might worry about if I was rich/famous/lived in a small place.

However, with the new system, someone doesn't need to by physically near records to view them, so as well as anyone working in the surgery being able to view records, many many others can get at them if they set their minds to it. You might say that the receptionist for instance won't see details but I wonder too, if busy, overworked IT departments will be able to properly set permissions? I can imagine that a temp brought in to update records/data entry for instance could get to see pretty much anything they wanted. Infact, I can see it already, tabloid journo gets job as temp and then accesses all sorts of records. It's certainly telling that HCPs on here are planning to opt out, presumably they see poor handling of data already and fear what could happen.

From a medical point of view, it is of course ideal that records are accessible to all involved in care. If lives are saved and money saved (giving more money for more lives to be saved) with the new system maybe that has to be set against the few who will have their privacy invaded?

Going off the point a bit, I think there's too much of a culture that the NHS owns your records rather than you owning them. Since the outpatients clinic that I visited instigated a system of sending me a copy of every summary letter that goes to my GP I've found a mistake in pretty much every letter, pain noted to be in the wrong place or date of original diagnosis for instance. I'd like to be able to access and check all my medical records without being viewed as a possible troublemaker.

Just thought I'd post this link again, has some useful information.

Download the NHS Care Record Guarantee Leaflet from the above link if you want to know even more on the subject.

I'm more worried about the "summary" bit.

Having a dp in IT I know how easy it is for stuff ups.

Also just a little concerned a doctor would just read the summary if under time constraint and presume something was ok when a more detailed knowledge of my records were needed. At the moment my whole history is up on the screen-kind of like it that way.

Any NHS people who can put my mind at rest re that one-thanks .

MilaMae It won't change the information usually accessible to your gp, it will allow people who currently have no access to your records, say if you were rushed to hospital, to have access to your summery record, currently they wouldn't have any information about you.

I suppose if I had a special condition I might think that it could be a good idea to have my records accessed from where ever I was but I think on the whole this is a bad thing.

Not forgetting the many instances when a CD, lap top or memory stick has been lost or stolen, it will attract hackers like honey attracts bees.

Then, despite what the current government says, it will become another central database that can be merged with others. New Labour has a track record of wanting to know more and more about us, has introduced more cameras, created more laws than any previous one before.

To those who say 'if you haven't anything to hide, blah blah blah', well when you are turned down for a mortgage because the bank has found out you have a heart problem or the supermarket declines to sell you alcohol because you have a liver problem, it will be too late to put the Genie back in the bottle.

This country fought two world wars to remain a free land, please don't give away our civil liberties.