Short abstract
Although some aspects of the NHS care record service have a broad consensus agreement, issues of consent and security are dividing health professionals, the public, and the national programme for information technology. Nigel Watson believes his experience of opting out shows it to be the most workable option, but John Halamka uses a US model to argue that opting in is the only way to ensure confidentiality
Health care is becoming more complex and is often delivered in different places by several professional groups. At present many records are still on paper and electronic records often do not link up. For example, although general practice electronic records are among the most advanced in the NHS,1 they are not normally available when the patient is seen out of hours or attends accident and emergency or another practice as a temporary resident. Electronic coded clinical communications between hospital and general practice systems are limited to pathology.
Figure 1.
How should she choose what records the doctor can see?
Credit: MARK THOMAS/SPL
The NHS care records service lies at the heart of the national programme for information technology.2 The service will provide electronic summary care records and detailed care records that are available throughout the health service. The concept of appropriate electronic clinical information being available to legitimate healthcare professionals is not contentious. Most people agree that patient centred care requires comprehensive information to be available wherever and whenever care is provided. There is less agreement, however, on how patients should consent to use of electronic records and how the data can be kept secure.
Models of patient consent
There are two broad schools of thought. The first, characterised as the opt-out model, is for the public to be informed of the NHS care records service and to be offered a chance to express their wish that they do not want their clinical records shared within the NHS. The second model is for no sharing to occur until people have expressed their desire to share their clinical records within the NHS—opting in. This is the option supported by the BMA's General Practitioners Committee.3 However, having experienced an opt-out approach in Hampshire and the Isle of Wight, I believe that, with caveats, this is the way forward. In November 2003, the public advisory board of the National Programme for Information Technology also advised, on balance rather than by clear consensus, adoption of an opt-out approach with a warning period. But what evidence is there on patients' views?
Evidence supporting opt-out model
Scotland has already used the opt-out approach for its emergency care summary, which extracts data from the general practitioners' records and hospital notes and is available to the out of hours service.4 Patients were informed of the project by a widespread publicity campaign and were invited to opt out if they had concerns. In February 2006 the emergency care summary contained records for nearly 3 300 000 patients and only 22 had opted out.5
In February 2004, the Wirral Health Informatics Service started consultation on establishing an electronic health record for each patient. The record contains clinical information provided by general practitioners and the hospital and will be available to general practitioners, hospital clinicians, and the out of hours service. Patients were invited to opt out if they had concerns. Of the 350 000 patients whose records were uploaded, only 25 opted out.
The health service in Alberta, Canada, changed from the opt-in position to an opt-out one in 2003. The decision was made after consultation with patients and clinicians. Minister of Alberta Health and Wellness stated: “The changes also recognize that patients must be assured their information is confidential. We consulted with health stakeholders and the Information and Privacy Commissioner to ensure confidentiality and appropriate access.
“The people who keep and manage electronic health records have told us getting consent is an administrative burden that takes time away from patient care and pilot project shows a majority of people consented to have their records shared by electronic means.”
Hampshire and Isle of Wight
General practitioners in Hampshire and the Isle of Wight have been involved in two similar projects for the past six years, and our experience may provide some practical solutions to issues of security and consent. A pilot project during April 2000 to March 2003, evaluated a patient electronic health record that could support the clinical care of the patient out of hours and in an emergency situation.6 A meeting between representatives of the General Medical Council, the medical defence organisations, the BMA's information and technology committee, the information commissioner, the local medical committee, and the primary care trust reached a consensus that records could be downloaded without explicit patient consent but that consent was required before the record was accessed. A leaflet was produced to explain the aims of the project and the important issues of consent. Patients were offered the opportunity to opt out of the project. Leaflets were sent to all households in the area and were also available in general practices and at the hospital.
The strategic health authority then worked in partnership with the local medical committees and hospitals in Hampshire to develop the clinical data repository using the same model of consent. When the repository went live in May 2006 it contained over 650 000 patient records from 76 general practices and 450 000 patient records from three hospitals. More practices and hospitals are contributing to the repository all the time.
Of the 1 300 000 patients in Hampshire and the Isle of Wight, 1150 have decided not to have their records included in the repository. Patients are made aware that they can view the information that is held on them. About 2000 patients have requested to view their record, although many stated this was out of curiosity rather than any concern over the project.
Security
Access to a patient record in the repository requires a user name and password. Local NHS organisations issue user names only to staff who have confidentiality clauses in their employment contracts. Before accessing the patient record the user is asked to confirm that the patient has given consent. Patients can give consent for once-only access or for one year for all clinicians involved in their care.
The record includes an audit trail that shows the date and time the patient's record is accessed and, most importantly, by whom. The audit trail automatically identifies when a record has been accessed but no change has been made to the record. A change would be expected if the patient had been receiving care from the general practice or hospital. If no change is made to a record, clinicians would be contacted to explain why they accessed the record. In the case of a life threatening emergency the consent can be overridden, but the clinician would record the reason in the record and have to defend his or her action if challenged at a later date.
The project has some limitations—for example, the clinician is unable to review the records before a consultation unless consent has been previously obtained. General practitioners do not ask consent to look at clinical records in their practice because they are deemed to have a legitimate relationship with the patient. Major problems have to be resolved regarding consent and access to the records when the patient is not present—for example, looking up hospital laboratory or radiography results.
Conclusions
The potential benefits of greater sharing of patients' electronic records are broadly agreed, with concerns remaining over patient consent and security. Several schemes have used an opt-out approach for electronic patient summary records, and these schemes have been widely accepted by health professionals and the public.
The opt-out model allows patients to benefit from earlier availability of information, reduces the workload on hard pressed services, and cuts the bureaucracy for both practices and patients. I believe we should adopt an opt-out approach for contributing information to the NHS care record service but obtain consent, or have a legitimate clinical relationship with the patient, to access the clinical records. It will be essential, however, to have a large publicity campaign six months before the start of the service, detailing to patients what is going to happen, the potential benefits and dangers, and most importantly how they can opt out of having their records shared.
References
- 1.Hippisley-Cox J, Pringle M, Cater R, Wynn A, Hammersley V, Coupland C, et al. The electronic patient record in primary care: regression or progression? A cross sectional study. BMJ 2003;326: 1439-43. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 2.Connecting for Health. NHS care records service. www.connectingforhealth.nhs.uk/delivery/programmes/nhscrs/ (accessed 20 Jun 2006).
- 3.BMA. Statement on Connecting for Health, June 2006. www.bma.org.uk/ap.nsf/Content/cfhstatement (accessed 20 June 2006).
- 4.Chief Medical Officer. NHS Scotland emergency care summary. Letter to NHS board chief executives, August 2004. www.show.scot.nhs.uk/sehd/cmo/CMO(2004)14.pdf (accessed 20 Jun2006).
- 5.Emergency Care Summary Newsletter 2006. February (No 3).
- 6.Adams T, Budden M, Hoare C, Sanderson H. Lessons from the central Hampshire electronic health pilot project: issues of data protection and consent. BMJ 2004;328: 871-4. [DOI] [PMC free article] [PubMed] [Google Scholar]