
Debate over legality of Care Record Guarantee

14 May 2007

British data protection laws used to create the Care Record Guarantee could fall foul of new European Commission data protection laws adopted in February, according to an international law expert.

However, the view expressed to the parliamentary select committee on health by Douwe Korff, professor of international law at London Metropolitan University, was vigorously opposed by a representative from the information commissioner’s office also present at the hearing.

New laws created by the EU Article 29 Data Protection Working Party on the protection of individuals with regard to the processing of personal data relating to health in electronic health records state that patients should give explicit consent to the processing of data and such data should be used ‘for the specific purpose of providing health-related services’.

Giving evidence to the parliamentary committee, Professor Korff said: “Putting data on a patient record depends on a certain legal basis; if the data is disclosed, you need to have the consent of the patient, otherwise it is illegal under the EU rules. Under the Care Record Guarantee, the patient is not the owner of their data, even though the Data Protection Act gives them the right to control their own data.

“The EU Data Protection Directive specifically prohibits the processing of personal data concerning health in general unless the data subject has given his explicit consent to the processing of those data. Opt-out solutions will not meet the requirement of being ‘explicit’.”

Professor Korff also told the committee that the use of data from the CRS for Secondary Uses Services (SUS) was contrary to what EU laws require from electronic health records.

“Connecting for Health (CfH) has chosen to use patient data for all medical purposes, but the EU directive only applies to medical care, so their proposals would break European Law. The guidelines clearly state that the processing of data by health professionals covers processing of personal data for the specific purpose of providing health-related services of a preventative, diagnostic, therapeutic or after-care nature and for the purpose of the management of these healthcare services.

“Furthermore, it says not covered is further processing which is not required for the direct provision of such services, such as medical research. The two laws fundamentally clash and I would be happy to take a case on the matter to the European Court of Human Rights in Strasbourg.”

Listening carefully to Professor Korff’s evidence was Jonathan Bamford, assistant information commissioner, who along with information commissioner, Richard Thomas, sits on the Article 29 Data Protection Working Party.

Throughout Professor Korff’s evidence, Bamford shook his head in disagreement. Asked for his thoughts on the allegations, he told the committee: “There is a basis in UK law for doing what we are doing. The differences between the UK and EU laws are a completely separate issue, but I do not think that the Article 29 Working Party would say we were being unlawful.

“There are exemptions to the EU laws stated, but if the EC felt we were being unlawful, it would be a matter for the European Court of Justice to address and if there is an issue with UK data protection laws, then that would be a matter for the new Ministry of Justice to look into.”

Bamford said that though he did not think it was wrong to use the CRS data for SUS purposes, he would be starting an investigation to ensure that such data is properly pseudonymised. He said he has confidence on an anecdotal basis that it was being properly used currently.

He added that the informed consent approach gives patients proper transparency of their records and time to action their choice if they wish to opt-out.

However, Joyce Robins, the co-director of Patient Concern, said that this was far from the case.

“So much time and money has been spent on IT problems and now there is a push to get it moving. It is flying in the face of all medical ethics and is extremely worrying. Patients receive a leaflet which has information in small print advising patients to ask their GP surgery to discuss the opt-out with them, and then because they do so they are going to be labeled as a ‘privacy fascist’ or a ‘luddite’. This just indicates current attitudes and it is a real fear for patients.”

Concerns were also raised that patients who opt-out have to do so using the Section 10 rule of the Data Protection Act – saying that opting in will cause them substantial distress.

Bamford said: “A good reason for this is for GPs who need to defend themselves later because they couldn’t get access to medical records to aid them with their care. It is a balance of interests. It would be possible to sit with every patient and ask, but the practicalities are huge, so now the challenge is to maximise the extent to which individuals know what is happening.”

However, Robins followed this up by alleging: “Consent blocks can be overridden with the click of a mouse without a patient’s consent. It is appalling. We also have to look at when and how historical information goes up, which is absolutely crucial, and you can bet your life that doctors aren’t going to be sitting with patients at that point.”

Bamford assured the committee that this will be checked: “It is an important issue to be addressed. It would be wrong to go fully live without agreement. We are working with CfH to do a research project to find vulnerabilities.

“The proof of the pudding is in the eating. We have the right to inspect the early adopter sites and see for ourselves…the system cannot be implemented properly unless it complies properly with the Data Protection Act.”

This would include ensuring that sealed envelopes will work correctly to safeguard the interests of patients, and not just leaving it to ‘blind faith in computer nerds’ as one committee member put it.

“It may be unfair in connection with some personal information if patients aren’t given the right to exercise their rights considering the degree of patient information being made available to others outside of medical carers, but we believe that providing the opt-out clause is the best fair and legal way of doing this,” Bamford added.

However, Professor Korff said: “The Data Protection Act in my opinion is too lax to meet EU standards. The EU offers free and informed consent. In the UK, the individual becomes no longer the subject, but an object and I think this flies in the face of medical ethics.”

The EC working document on the processing of personal data relating to health in electronic records is available for public consultation until 13 June 2007.

Links

EC Working Document on the processing of personal data relating to health in electronic health records (EHR)

Care Record Guarantee

Data Protection Act

Information Commissioner’s Office

 

© 2007 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

1

So it goes on ...

14 May 07 09:05

Oh dear! The system was specified back in the summer of 2003 and - having made virtually no useful progress in implementing the NCRS - there are now debates about the legality of a key determinant of user acceptability. At the same time, we hear in another article on this page that there are "policy" issues with the sealed envelope approach.

So whilst the policy mandarins vacillate, the NCRS programme is perhaps in danger of being overtaken by other events.


2

Explicit consent

14 May 07 10:05

CfH could solve a huge number of concerns and allow the NCRS to progress if they just assured everyone that explicit consent would be sought before any uploads. It really is that simple.


3

Uncorrected oral evidence

15 May 07 10:05

from day 2 now available: http://www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/uc422-ii/uc42202.htm


4

Article 29 DPWP document

peter.singleton@chi-group.com

15 May 07 18:05

It is important to note that while the DPWP has 'adopted' this document, it is out for consultation until 13th June, so may well change before being finalised. It is not 'law', merely an interpretation of the EU Directive, though one with considerable significance.


5

I give up ...

15 May 07 21:05

... let's go back to a ledger written in long-hand using a goose feather and squid's ink. Remind me, how many angels can dance on the head of a pin?

Perhaps the answer is to get all patients to opt in by signing a statement which simply says - "I agree to my information being shared with anyone involved directly or indirectly in promoting my well-being"?

The alternative opt out could read "I absolve anyone involved in my direct or indirect care from responsibility in the event of decisions which would impact on my well-being having been made on the basis of insufficient information having been shared with them - despite it being easily available on the NHS Care Records Service, Social Care systems or any other system which might well interoperate with NHS CRS"


6

Re the above comment

helenwilkinsonmakey@fastmail.fm

16 May 07 11:05

Excellent idea. I would sign the former comment opting out completely, as I have had to by completely and totally deregistering from the NHS to protect my confidentiality.

Helen Wilkinson-Makey


7

I'm with Helen!

16 May 07 12:05

I'm with Helen!


8

Re: I give up

16 May 07 16:05

One often hears supporting anecdotes, but the hypothesis that a national system such as NCRS will reduce either morbidity or mortality remains to be tested. In fact, there is some evidence that use of computers in some high-dependency clinical settings may actually worsen outcomes.

Add to this the scale and complexity of the proposed system, the dynamism and uncertainty associated with much personal health information, and CfH's track record with the few systems delivered to date (read these pages!), and I need a lot of convincing that this really would be beneficial to either the individual patient or to the general population.

Now what was I hearing on the news yesterday about these potentially life-saving but unaffordable cancer drugs?


9

I'm with Helen!

16 May 07 20:05

I'm not!

I don't give a jot about confidentiality, if it helps people know about my pre-existing condition and serious allergies and stops them from accidentally killing me!

Afraid I can't afford to opt out of the NHS as I have two long-term conditions and have problems getting life insurance, never mind BUPA membership!


10

Choice?

helenwilkinsonmakey@fastmail.fm

17 May 07 09:05

For the person who is not with me: why are patients who feel very strongly about their confidentiality, like myself, being denied the choice to totally opt out?

The DH are potentially putting my health at risk, as I would, and already have, refused treatment if it meant going back on any of these databases. Unless I can be assured of my confidentiality I do not want to be treated.

So why are patients like myself being denied the choice to completely opt out?

Helen Wilkinson-Makey


11

NHS Code of Confidentiality

17 May 07 18:05

The NHS Code of Confidentiality is included within NHS employment contracts as a specific requirement linked to disciplinary procedures. The code states that "information that can identify patients must not be used or disclosed for purposes other than healthcare without the individual's explicit consent, some other legal basis, or where there is a robust public interest or legal justification to do so". This is already in place and guarantees the confidentiality of all patients by all NHS staff.

Breaching of patient confidentiality is a disciplinary offence and should be treated as such. Your details should not be used for anything other than your direct healthcare WITHOUT explicit consent. All NHS staff are required to meet the standards outlined in the code of confidentiality in addition to any other terms of employment. Therefore, if this policy is adhered to correctly and breaches are dealt with at the correct level of severity, where is the problem? Clinicians will be able to see the full up to date information available about the patient (despite one commentator suggesting "there is some evidence that use of computers in some high-dependency clinical settings may actually worsen outcomes" there is also enough evidence that lack of up to date relevant information in these settings also worsens outcomes!) and not be at risk of making decisions without clinical information that would benefit them and the patient.

If patient information was then requested for research or study or any other purposes it can then be made available anonymously. If patient identifiable information was requested for non healthcare purposes it would only be made available with the patient's consent.

This enables the clinicians to access the patient information at the point of need for healthcare purposes and protects the patients' anonymity by preventing disclosure for non healthcare purposes with explicit consent.


12

NHS Code of Confidentiality

helenwilkinsonmakey@fastmail.fm

18 May 07 09:05

The NHS Code of Confidentiality is a complete mockery of the actual reality of the situation.

Every time a patient attends any hospital appointment, patient identifiable information is sent to NWCS/Clearnet/SUS with details including postcode, date of birth, GP details, Consultant details, clinic attended, in patient, daycase attendance, procedure performed, whether the patient will be followed up. In my case this included my FULL name and address. All this highly confidential information is used without patient consent.

Please see link here:

http://www.advisorybodies.doh.gov.uk/piag/

And read the document entitled Use of Patient Information in Long Term Use of Medical Conditions.

The document has Phil Walker as one of its authors and clearly states that there is "no secure basis in law" for the use of NWCS/Clearnet/SUS data.

This is how I was wrongly labelled as an Alcoholic.

There is no opt out for patients who do not consent to this. I managed to get the DH to agree that Section 10 of the DPA applied to me and to be on absolutely any DH/NHS database would cause me substantial and unwarranted distress. However, they have repeatedly failed to put anything in place for me to be able to access medical care. I have even gone so far as refusing treatment as it meant going back on these databases.

It begs the question: what confidentiality? In my opinion there is none.

Also so what if a member of staff faces disciplinary action? The damage for the patient has already been done.

NHS CRS will only make a bad situation even worse.

Helen Wilkinson-Makey


13

Re: NHS code of confidentiality

18 May 07 09:05

In an ideal world the NHS code might indeed "guarantee" confidentiality of all patients by all NHS staff. But disciplinary threats are not necessarily the ideal way of gaining compliance and the NHS presumably has its share of rogues like any other organisation. The question around NCRS is whether it makes it easier for these folk to access (and disclose) information on a wide range of patients than is possible with current systems?


14

Simple

18 May 07 11:05

Helen

You have two options

1. You can opt out of NHS itself altogether and go private paying insurance

2. Never fall ill and never go to a doctor

I am not trying to be funny but I am serious. You mentioned SUS being sent patient details. So you do not want NHS not to have a central organisation which can keep tabs on fraud and perform cost management for effective treatment of patients.


15

Simple

18 May 07 11:05

Helen

You have two options

1. You can opt out of NHS itself altogether and go private paying insurance

2. Never fall ill and never go to a doctor

I am not trying to be funny but I am serious. You mentioned SUS being sent patient details. So you do not want NHS not to have a central organisation which can keep tabs on fraud and perform cost management for effective treatment of patients.


16

Simple 2

sleepyfox@gmail.com

18 May 07 11:05

I think the focus has been lost in this discussion: what Helen is asking is why are her personally identifiable details being sent to NWCS etc?

Surely only non-identifiable case data should be used for purposes not directly involved in the care of the patient? Is this really so hard?


17

Reply to Simple 2

helenwilkinsonmakey@fastmail.fm

18 May 07 13:05

Thank you so much, you hit the nail on the head, but there are 3 further points.

1. Why is the DH using patient identifiable information without patient consent and so therefore unlawfully?

2. Why is there any mechanism in place for patients who want to opt out of it?

3. Why are the DH unable to comply with Section 10 of the DPA?

Maybe someone could answer this?

Helen Wilkinson-Makey
