WCIT Information |
Medicine and Health Workshop
25/10/2007
There is a strong need for primary legislation to clarify responsibilities both for primary patient medical record management, and for the secondary use of the data. But any such legislation needs to make things better, not worse.
That was a core conclusion from a hard-hitting, wide ranging, and lively workshop on patient data integrity and privacy held in May by the Information Technologists Company’s Medicine and Health Panel. Chaired by Robin Guenier, the workshop comprised a high level and influential group of health IT professionals, doctors, lawyers, consultants and senior NHS directors.
Attendees at the confidential workshop said that we can expect to see governance issues grow as patients become more empowered to control their own digitised records. In particular discussions stressed the need to build trust with patients that their medical data would kept confidential and that any secondary use of their data be guaranteed anonymised.
“The bottom line is the trust of the public,” said one senior participant. “That is hard won and easily lost.”
GPs do have the trust of their patients. The doctor-patient relationship has moved from a paternalistic to a partnership relationship, built on consent, confidentiality, and respect for patients’ autonomy.
The need to respect patient autonomy means that the issue of informed and realistic consent is a very important one. Data should not merely be put on the system.
The question of who owns the data, who is the data controller, is a thorny one for government, the workshop heard. One practitioner expressed concern about the Year 2000 Health and Social Care Act, which stated that when in the interests of the State, organisations with patient records can send them to the Secretary of State. A subsequent amendment, Section 60, set up a Patient Information Advisory Group to give general consent for sharing of data (but without individual patients’ consent) for research purposes. “But how many go through this,” asked one participant?
One lawyer present warned that this situation appears to conflict with the European Data Protection Directive, so new legislation may be necessary for European legal compliance. Under current European law, patient records should not be used for medical research without their consent, he said.
It is also a question of degree and scale, the workshop heard. One GP warned that: “as we move from local organisation based systems (i.e. a GP’s surgery) to larger accumulations of locally shared detailed records (known as “instances”) the risk profile worsens. The implied consent of the former is not acceptable for the latter.”
There are challenges in ensuring that patient data is shared between the professionals caring for the patient. These might include: the GP, the local hospital consultant, the tertiary centre specialist and the district nurse. Commenting on such data sharing in practice, one participant expressed concern that: “Connecting for Health will not do what it says on the tin.”
Other concerns raised at the workshop relating to data ownership and privacy included: granularity of data (i.e. how much detail is needed); on the need for consistent definitions; on the guardianship of records; and on ensuring the correction of inaccurate records. Other questions related to: the degree of interoperability of the National System; the need for a consistent information architecture; and diminishing protection against a backdrop of shifting requirements.
There was strong debate on the issues relating to the nitty-gritty of the integrity, consistency and control of patient health records data. The workshop heard that control of data is “the big unresolved question.”
“Who is data controller of this information? Is it the Secretary of State or the patient? Is it the GP or an intermediary? This needs to be resolved as soon as possible,” urged one rapporteur.
One lawyer said: “there is a dangerous uncertainty over the control of medical records which could lead to a breakdown in trust.
“People assume that the GP is the data controller. This is politically acceptable – except to GPs,” said one participant. Most in the workshop saw the GP as an obvious data controller, but warned of potential tensions between GPs and hospital doctors as GPs would have to be able to cleanse the data, and hospital doctors are less technologically advanced than GPs. A minority view was that the patient should be the data controller, but that would require knowledge, ability and self-interest by the patient.
Governance of patient records emerged as another key issue. The workshop found a lack of overall governance relating to patient records. Concerns raised included: correcting erroneous information; verification of duplicate records; ability to change the record on the patient’s request; and the guardianship of the records.
In his summing up, Chairman Robin Guenier, who is also Chairman of the ITC’s Medicine and Health Panel, commented: “One thread is who is responsible? Even if there is a law it is of little value if you don’t know who to enforce it against. Unless someone is in the firing line things don’t get done.”
Please note that views expressed at ITC activities are the views of individual members or their guests, and not of the ITC.
JAR, 14 Oct 2007.
That was a core conclusion from a hard-hitting, wide ranging, and lively workshop on patient data integrity and privacy held in May by the Information Technologists Company’s Medicine and Health Panel. Chaired by Robin Guenier, the workshop comprised a high level and influential group of health IT professionals, doctors, lawyers, consultants and senior NHS directors.
Attendees at the confidential workshop said that we can expect to see governance issues grow as patients become more empowered to control their own digitised records. In particular discussions stressed the need to build trust with patients that their medical data would kept confidential and that any secondary use of their data be guaranteed anonymised.
“The bottom line is the trust of the public,” said one senior participant. “That is hard won and easily lost.”
GPs do have the trust of their patients. The doctor-patient relationship has moved from a paternalistic to a partnership relationship, built on consent, confidentiality, and respect for patients’ autonomy.
The need to respect patient autonomy means that the issue of informed and realistic consent is a very important one. Data should not merely be put on the system.
The question of who owns the data, who is the data controller, is a thorny one for government, the workshop heard. One practitioner expressed concern about the Year 2000 Health and Social Care Act, which stated that when in the interests of the State, organisations with patient records can send them to the Secretary of State. A subsequent amendment, Section 60, set up a Patient Information Advisory Group to give general consent for sharing of data (but without individual patients’ consent) for research purposes. “But how many go through this,” asked one participant?
One lawyer present warned that this situation appears to conflict with the European Data Protection Directive, so new legislation may be necessary for European legal compliance. Under current European law, patient records should not be used for medical research without their consent, he said.
It is also a question of degree and scale, the workshop heard. One GP warned that: “as we move from local organisation based systems (i.e. a GP’s surgery) to larger accumulations of locally shared detailed records (known as “instances”) the risk profile worsens. The implied consent of the former is not acceptable for the latter.”
There are challenges in ensuring that patient data is shared between the professionals caring for the patient. These might include: the GP, the local hospital consultant, the tertiary centre specialist and the district nurse. Commenting on such data sharing in practice, one participant expressed concern that: “Connecting for Health will not do what it says on the tin.”
Other concerns raised at the workshop relating to data ownership and privacy included: granularity of data (i.e. how much detail is needed); on the need for consistent definitions; on the guardianship of records; and on ensuring the correction of inaccurate records. Other questions related to: the degree of interoperability of the National System; the need for a consistent information architecture; and diminishing protection against a backdrop of shifting requirements.
There was strong debate on the issues relating to the nitty-gritty of the integrity, consistency and control of patient health records data. The workshop heard that control of data is “the big unresolved question.”
“Who is data controller of this information? Is it the Secretary of State or the patient? Is it the GP or an intermediary? This needs to be resolved as soon as possible,” urged one rapporteur.
One lawyer said: “there is a dangerous uncertainty over the control of medical records which could lead to a breakdown in trust.
“People assume that the GP is the data controller. This is politically acceptable – except to GPs,” said one participant. Most in the workshop saw the GP as an obvious data controller, but warned of potential tensions between GPs and hospital doctors as GPs would have to be able to cleanse the data, and hospital doctors are less technologically advanced than GPs. A minority view was that the patient should be the data controller, but that would require knowledge, ability and self-interest by the patient.
Governance of patient records emerged as another key issue. The workshop found a lack of overall governance relating to patient records. Concerns raised included: correcting erroneous information; verification of duplicate records; ability to change the record on the patient’s request; and the guardianship of the records.
In his summing up, Chairman Robin Guenier, who is also Chairman of the ITC’s Medicine and Health Panel, commented: “One thread is who is responsible? Even if there is a law it is of little value if you don’t know who to enforce it against. Unless someone is in the firing line things don’t get done.”
Please note that views expressed at ITC activities are the views of individual members or their guests, and not of the ITC.
JAR, 14 Oct 2007.