In clinical negligence cases we invariably need to obtain copies of our clients’ medical records. Presentation of a signed Form of Authority is a key part of the process, and so it should be. Confidentiality lies at the heart of the patient doctor relationship, and doctors must always be clear that the patient’s explicit agreement is obtained before their private and sensitive data is released to third parties who are not involved in their care. The care.data programme that is being rolled out by the NHS puts both the doctor and the patient in an invidious position.
What is the care.data programme about? In essence, soon all GP are going to be obliged to forward various details from your medical records to a vast national database (the care.data progamme) unless you opt out. You will be identifiable from this as it will include your NHS number, date of birth, postcode etc and linked into the system will be details from your hospital records too. That is step one. Step two is the passing on of this information, less some of the more obviously identifying information, to organisations which have successfully applied to the Health and Social Care Information Centre (HSCIC). It is anticipated that a wide range of bodies such as drug companies, university research departments and government departments will obtain access to the database, and they will pay a fee to do so. It is not a database for use by the clinicians involved in the day to day provision of your medical care.
There are concerns that in certain circumstances it will be possible for you to be identified from the data that is passed on to successful applicants. The concerns especially arise where bodies already hold significant information which could be married up with the data passed on to identify individuals. And, of course, the data initially passed on to the database is not anonymised at all.
One of the ideas behind the database is to improve patient care, which is obviously a positive, but it does not take much to realise the potential for more negative uses, and on a magnitude unthinkable until now.
You are, however, able to opt out and medConfidential’s website provides their take on how to do this. You can also consult the NHS leaflet “Better Information Means Better Care” (www.nhs.uk/caredata) itself, of course, although it doesn’t expressly use the words ‘opt out’ and various commentators have taken issue with whether the leaflet makes clear what it is you actually need to do.
One of the aspects of all of this which I find curious is the way in which consent for the transfer of this sensitive data is being obtained.
Firstly, an “opt out” system is inherently dubious as a method of ensuring that patients have, indeed, consented. It should, at the very least, involve a clear, comprehensive and accurate dissemination of information to all. For many of us, the main way in which we are meant to know about the scheme is through the NHS leaflet “Better Information Means Better Care”. But is must be doubted whether all patients have read, or even received, the leaflet itself. What, for instance, of people who are blind/don’t speak English/on holiday/too busy? What of children? The list is endless. The leaflet is not addressed to any individual. What of shared houses and flats? This could easily be discarded as junk mail or considered by only part of a household. How does your GP know whether you are even aware of what is being proposed, far less have consented to it? Indeed, a recent poll for BBC Radio 4’s PM programme suggests that fewer than a third of adults recall getting a leaflet about the changes to the handling of medical records.
Furthermore, the title of the leaflet, a statement that “Better Information Means Better Care”, is a frankly odd way to head up a leaflet relating to consent to disclose medical records. It is oblique, to say the least.
If you do start to read the leaflet you will see that it is far from clear what is actually being proposed, and it is pretty coy about what types of organisations may obtain access to your data, or indeed whether data is already being “shared”.
In terms of whether you are identifiable from the data transferred, the leaflet gives mixed messages and is, again, far from clear. On the one hand it states, “details that could identify you will be removed before information is available to others such as those planning NHS services and approved research”. But on the other hand, it goes on, “if you do not want information that identifies you to be shared outside your GP practice, please ask the practice to make a note of this in your medical records”. Which is it? Will you be identifiable from the data or not? And if so, by whom?
The leaflet concludes with “if you are happy for your information to be shared you do not need to do anything”. I know I am a lawyer, but really, this language is so inexact as to be almost meaningless. What does “information” mean? And to “share” with whom? The world? And for what purpose?
This lack of clarity makes it impossible to give implicit consent. And where you have an “opt out” system clarity is of particular importance as is addressing individuals rather than households. So, for patients this is invidious indeed, but so too for GPs who are caught between the need to respect patient confidentiality on the one hand and on the other, the need to comply with the requirements of the Health and Social Care Act 2012 which obliges them to pass the data on. No wonder the tide of concern over the implementation of the scheme from many different quarters is rising and that a decision has now been taken to delay implementation of the scheme until Autumn 2014. Let’s hope that between now and then there is far greater transparency about what the scheme actually involves, and how those who wish to may opt out.