5 February 2008
A BMA survey of 219 doctors  shows that 93% are “not confident [that] patient data on the proposed NHS centralised database would be secure”. The survey also showed that 9 out of 10 doctors didn’t feel they could assure their patients that their data would be secure, and that 8 out of 10 wouldn’t want their own medical records uploaded onto the system.
This is hardly surprising, given the extent to which the NHS Secondary Uses Service (SUS), currently run by BT, provides access to patient details in both ‘pseudonymised’ and personally identifiable form. Your local Primary Care Trust, Strategic Health Authority, the Department of Health, medical researchers, the police, the Borders and Immigration Agency and even social marketers ‘Dr Foster’ are all allowed access to this personal and clinical information.
Some GPs are so unhappy that they have already taken the step of opting themselves out using the ‘stop code’ recommended by NHS confidentiality campaign, TheBigOptOut.org (TBOO)  – and a number of GP practices have linked to or re-published TBOO’s opt out letter on their own websites.
Connecting for Health  claims to have sent letters to every patient in its “early adopter” practices, but NO2ID and TBOO have heard from patients in these areas who did not receive a letter before their Summary Care Record  was uploaded.
In at least one Scottish practice where GPs wrote individually to all their patients about plans to upload their records, around 19% opted out  – as opposed to the 0.01% opt out rate claimed by the NHS for the rest of Scotland. Such a huge discrepancy suggests the entire “implied consent” model is fundamentally flawed.
Phil Booth, NO2ID’s National Coordinator, said:
Your doctor doesn’t want this; the BMA thinks it’s a terrible idea. Why then is the government so hell bent on grabbing your most private information? The Secondary Uses Service back door is clearly for the convenience of bureaucrats and bean counters – and those companies who have been dying to get their hands on your details for years.
British healthcare needs medical confidentiality, not more state surveillance. The official spin is that NHS spine could save lives in a few situations; the reality is that more people will get sick and could die if they don’t feel they can trust their doctor with their most sensitive details.
Notes for editors
1) BMA ‘Doctors Decide’ poll, 1/2/08
2) People concerned about the privacy of their medical records should visit the TBOO website to download a letter they can use to opt out:
http://www.nhsconfidentiality.org/optoutletter. Launched in November 2006, by the beginning of 2008 over 200,000 copies of TBOO’s letter had been personalised and downloaded via the web or sent direct to patients on their request.
3) Connecting for Health (CfH) is the division of the Department of Health responsible for the £12bn+ National Programme for IT (NPfIT). Be warned: CfH does not appear to like dissenting voices…
4) The Summary Care Record (SCR) is just the first step towards uploading people’s entire medical history. Unless you opt out before one is created from your biographical details, your major illnesses, allergies and last 6 months’ prescriptions, you will have no choice – your entire health record will be uploaded at a later date.
“Sealed envelopes” – the technical ‘fix’ promised by CfH to protect people’s most sensitive details when the full upload takes place – have never been demonstrated to work in practice, and an internal CfH assessment shows that storing information centrally in this way is less private and secure than keeping it locally.
5) http://www.healthcarerepublic.com/news/GP/662594/fifth-patients-reject-e-records/ – as first reported in a letter to the British Journal of General Practice, June 2007.
A generic letter sent by NHS Scotland about its Emergency Care Summary (ECS) prompted just 646 opt outs from a population of around 5 million, but when GPs Dr Gordon Baird and Dr Mary Donnelly sent a personal letter to their 1,710 patients explaining the data extraction process and asking the same question, 326 (19%) withheld consent.
Connecting for Health’s “implied consent” model means that, having posted a single letter and heard nothing in return, it will assume that a patient has consented to having his or her personal and clinical details uploaded.
Connecting for Health officials cannot say how many people in the “early adopter” areas never received a letter, nor how many didn’t read it, nor how many failed to realise that they had to act immediately to avoid upload of their complete medical record at a later date. Patients who have received the letter have told NO2ID and TBOO that they found it very “one-sided”.