There is a change in the way medical records are being stored.  It is intended that more people will have access to them. Not all of those will be medical staff concerned with your treatment.

In autumn 2014 it is likely that GP practices will be required to supply personal and confidential medical information about patients on a regular and continuous basis to the Health and Social Care Information Centre (HSCIC). Under the Health and Social Care Act 2012, GP practices have no choice in this matter.

The HSCIC states that the intention is to use the data for planning health services and research. The data will not be anonymised; quite the opposite. It will be divided into 3 main formats:

  1. GREEN - anonymised data that cannot be traced back to an individual patient;
  2. AMBER - pseudononymised amber data from which the patient is potentially identifiable; and
  3. RED – data from which the patient is clearly identifiable.

The information extracted by the HSCIC will include your NHS number, date of birth, postcode, medical diagnoses, referrals to specialists, prescriptions, family history, blood test results, smoking and alcohol habits.  Since this information is attached to your NHS number which is unique, in essence your entire medical history is on the files.

Some issues will not be extracted in the initial upload such as details of infertility treatment, sexually transmitted diseases, terminations of pregnancy, domestic and emotional sexual abuse. However, this is not a lifetime guarantee because it has already been stated that these exemptions may be reconsidered in due course.  In any event, items listed under prescriptions will potentially identify the infections or conditions from which a person may have suffered.

An individual does not have the right to modify the type of data that is extracted.  It cannot be limited by the patient’s choice.  A patient has to either withdraw from the whole scheme or allow all their data to be uploaded as required.

This is not a one off extraction.  GP surgeries will be required to provide information on a regular and continuous basis.

That information can be made available to organisations within the NHS and outside depending on the circumstances, the nature of the information and fees.  Once the information has been uploaded, your GP has no further control over it and cannot limit the use which is made of it.

Red data, that is clearly identifiable data, cannot be distributed in an identifiable form without either individual patient consent or permission from the Secretary of State for Health to release. This is provided for in Section 251 of the NHS Act 2006 and already a significant number of Section 251 Applications have been used and have been successful in hospital record releases.

There is no doubt that large scale review of medical data can identify disease processes, changes in illness patterns, treatments which are effective and so on.  There is a huge benefit in terms of looking at future health care provision when the whole picture can be viewed.

However, the issue is whether the confidentiality of the patient is respected and what happens to the data that is extracted.  Potentially, a large number of organisations could obtain access to the data.  Whilst it would certainly be arguable that anonymised data which can assist research projects and looking at health issues may be of benefit in the long run, there has to be some concern about the organisations that will be able to obtain access and the amount of information that they will be able to obtain.

More recently, information has been released which was part of a research project which indicated that the Staple Inn Actuarial Society may have purchased more than a decade’s worth of hospital data covering approximately nearly 50 million patients.  The indication is that this was for a research project looking at provisions for critical illness cover. There is no indication that confidentiality was breached.  However, those patients were not asked for their consent to their data being used (anonymised or not).  For a proportion of the population there would be a fair amount of disagreement with the idea that their data can be used in this way.

The government has put on hold plans to upload the data for a further 6 months (it was planned for this Spring).  Leaflets are supposed to have been sent out but for those of us (which may well be the majority) who chose not to receive junk mail, those leaflets will not have arrived.  There are concerns that there may be time limits for opting out in any event which have not been made clear.

It is a matter of individual choice as to whether you wish your own data or those of your family to be made available for research and other projects.  Many will be happy to do so.  For those that do not, however, you need to read around the subject, look at the options and discuss the matter with your GP.

No-one denies that the use of significant data is of benefit to health care professionals and for those wishing to manage health care provision in the future.  It is the issue as to whether this is informed consent and what choice people have once that data has been uploaded that is a concern. This is an all or nothing decision and once data is uploaded it cannot be removed.

Make sure you understand what is happening and you act on the basis of being informed rather than your medical information being used by default.