Tuesday, November 13, 2007

Government claim security problems with Electronic Patient Records fixed

The Government has responded to the Health Committee report on the Electronic Patient Record. It's another appalling example of how the government grinds irrationally on with the construction of white elephant information systems, in spite of all the evidence pointing towards the inevitability of the coming catastrophic failures of the system. From page 6:

"Recommendation (paragraph 121)

“Sealed envelopes” are a vital mechanism if sensitive information is to be held on the SCR. We recommend that:
• The right to break the seal protecting information in “sealed envelopes” should only be held by patients themselves, except where there is a legal requirement to override this measure; and
• Information in “sealed envelopes” should not be made available to the Secondary Uses Service under any circumstances; this will allow patients to prevent data being used for research purposes without their consent.

The Government accepts the first of these recommendations. Patient-sealed envelopes provide the mechanism whereby patients can restrict access to the parts of their SCR they consider to be particularly sensitive. Patients will be able to request that parts of their record are either ‘sealed’ or ‘sealed and locked’. These procedures form a level of access control deployed at the direction of the patient, not the NHS.

Sealed information will be recorded on the SCR and system users will be aware that some information has been sealed. However, access to the sealed information from outside of the team recording it will be obtainable only with the patient’s consent or in exceptional circumstances. Only those users with the necessary privileges will be able to gain temporary access to sealed information without the patient’s consent. A privacy officer will be alerted to the temporary access by any user and patients registered with HealthSpace will receive a notification when access permissions are changed or when temporary access is gained.

Sealed and locked information cannot be accessed outside of the team that recorded it. Users who do not have permission to access the sealed and locked information will be unaware of its presence.

The circumstances where patient-identifiable sealed and locked information may be lawfully disclosed by the clinical team that has access to it, and the circumstances where patient-identifiable information that is simply ‘sealed’ can be accessed by those outside of the team that recorded it, without the patient’s consent, are essentially the same. They are limited to circumstances where the information is required by law or where a significant public interest justification exists (for example, serious crime, child protection etc).

The Government does not accept the second of the recommendations. Patient consent to the use of anonymised or effectively pseudonymised data is not required by law and the use of such data for secondary uses, including research, is both accepted and actively promoted by the relevant professional and regulatory bodies. The Committee received strong evidence on the need for health information to be made available for research from a number of organisations. The design of the Secondary Uses Service ensures that patient confidentiality is protected."

So they reject the notion that sealed-envelope (confidential) medical data be kept out of the 'secondary uses service', the database that lots of folk, from civil servants to researchers, have access to. The claim that "the design of the Secondary Uses Service ensures that patient confidentiality is protected" is patently false when the data going into the secondary uses service will be neither confidential nor anonymised.

Look out for Ross Anderson's analysis which will hopefully appear at Light Blue Touchpaper soon. Ross was special adviser to the committee.
