You are here: Parliament home page > Parliamentary business > Publications and Records > Committee Publications > All Select Committee Publications > Commons Select Committees > Health > Health
Select Committee on Health Sixth Report

Summary

Electronic patient record (EPR) systems have the potential to bring huge benefits to patients and are being implemented in health systems across the developed world. Storing and sharing health information electronically can speed up clinical communication, reduce the number of errors, and assist doctors in diagnosis and treatment. Patients can have more control of their own healthcare. Electronic data also have vast potential to improve the quality of healthcare audit and research. However, increasing access to data through EPR systems also brings new risks to the privacy and security of health records.

In England, implementing EPR systems is one of the main aims of the 10-year National Programme for Information Technology (NPfIT), which was launched in 2002, building on earlier initiatives. The main plank of the NPfIT programme is the NHS Care Records Service (NCRS) which will create two separate EPR systems: a national Summary Care Record (SCR), containing basic information, and local Detailed Care Records (DCRs), containing more comprehensive clinical information. NCRS will also include a Secondary Uses Service (SUS) which will provide access to aggregated data for management, research and other 'secondary' purposes.

Following delays, trials of the SCR are now taking place at a number of 'early adopter' sites. We found it difficult to clarify exactly what information will be contained in the SCR and what the primary uses of the record will be. The explanations eventually provided by the Department of Health showed that the SCR could have great clinical value in some situations. Therefore, although it will be less comprehensive than clinically rich DCR systems, we support the implementation of the SCR as soon as possible.

The consent arrangements for creating and adding information to the SCR have not been well communicated to patients or clinicians. In particular, debate has arisen over whether an 'opt-out' or 'opt-in' system should be used. In fact, a hybrid consent system is now proposed: an 'opt-out' system will be used for the creation of the SCR, while the addition of clinical information will happen on an 'opt-in' basis. This is a satisfactory consent model but we recommend that much more is done to explain these arrangements, particularly to patients.

Important components of the SCR have not yet been completed. "Sealed envelopes" will allow patients to restrict access to particularly sensitive information and are an important safeguard for patient privacy. Meanwhile the HealthSpace website will allow patients to access their SCR from home and has great potential for making care more patient-centred. We therefore recommend that both "sealed envelopes" and HealthSpace are implemented as soon as possible. We also make specific recommendations for improving these features of the SCR.

Maintaining the security of the SCR and other NCRS systems is a significant challenge. Each SCR will be potentially available across the country to a wide range of different users, making operational security especially problematic. Connecting for Health, the organisation responsible for delivering NPfIT, has taken significant steps to protect operational security, including strong access controls and audit systems. However, the impact of these measures in the complex environment of the NHS is difficult to predict. We recommend a thorough evaluation of operational security systems and security training for all staff with access to the SCR.

DCR systems, which will allow local organisations to share detailed clinical information, are the "holy grail" for NPfIT. Such systems can improve safety and efficiency, support key activities such as prescribing, and vastly increase the effectiveness of clinical communication. In particular, DCR systems offer improvements to the care of patients with multiple or long-term conditions. It is on NPfIT's success in delivering DCR systems that the programme's effectiveness should ultimately be judged.

In order to deliver DCR systems, Connecting for Health has set out to replace local IT systems across the NHS, as well as building the capacity to link these systems together. The new national broadband network has now been completed, but progress in other areas has been disappointing. In particular, the introduction of new basic hospital Patient Administration Systems (PAS) has been seriously delayed. One of the two main hospital PAS products, Lorenzo, will not be trialled in the NHS until 2008. As a result of these and other delays, it is not clear when joined-up DCR systems will be widely available.

In addition, we found it difficult to ascertain either the level of information sharing that will be possible when DCR systems are delivered, or how sophisticated local IT applications will be. In its original specification documents in 2003, NPfIT established a clear vision for local electronic records systems. Four years later, however, the descriptions of the scope and capability of planned DCR systems offered by officials and suppliers were vague and inconsistent. Some witnesses suggested that parts of the original vision have been abandoned because of the difficulties of implementing new systems at a local level. We recommend that Connecting for Health publish clear, updated plans for the DCR, indicating whether and how the project has changed since 2003. We also recommend that timetables for completing DCR systems are published by all suppliers.

An important cause of the delays to DCR systems has been the lack of local involvement in delivering the project. Hospitals have often been left out of negotiations between Connecting for Health and its suppliers, and found themselves, as one witness put it, at "the bottom of the food chain". As a result, they have lacked the incentives or enthusiasm to take charge of deployments. Increasing local ownership is now a key priority for the programme. The NPfIT Local Ownership Programme is an important first step but does not go far enough. We make a number of detailed recommendations for increasing local ownership, including giving local organisations responsibility for negotiating with suppliers and for contract management, and offering users a choice of systems wherever possible.

We recommend that Connecting for Health switch as soon as possible to focus on setting and ensuring compliance with technical and clinical standards for NHS IT systems, rather than presiding over local implementation. Clear technical standards will allow systems to be centrally accredited for use in the NHS, whilst giving local users the final say over which system is procured and how it is implemented. The GP Systems of Choice initiative is a good model for this approach. We also recommend that an independent technical standards body and a standards testing service be established to support this work.

Safe and effective data sharing, the fundamental aim of DCR systems, also requires a more standardised approach to the recording of clinical information. To this end, the agreement on a universal coding language for the NHS, SNOMED-CT, and a single unique patient identifier, the NHS number, are important achievements. We recommend that clear timetables are set for introducing SNOMED-CT and the NHS number across the health service. In addition, we recommend that Connecting for Health work with professional bodies to develop information standards for the recording of clinical data in the various specialities and care settings across the NHS.

The development of the SCR and DCR will offer the SUS access to clinical data which are more timely, better integrated and of a significantly higher quality than those currently available. This is likely to transform the SUS and offers significant benefits, most notably for health research. However, researchers told us that more should be done to ensure that these opportunities are maximised. We make several recommendations for improving access to data for research purposes, including not only the single unique identifier, but also developing better linkage between new and existing databases.

Increasing access to patient data also brings new challenges for safeguarding patient privacy, however. There is a difficult balance to be struck between the need to protect privacy and the opportunities for research, between safeguarding individual rights and promoting the public good. There are also a number of weaknesses within current access and governance systems. In particular, during the inquiry questions were raised about the extent to which pseudonymisation of data should be relied upon to protect privacy. We recommend that the Department of Health conduct a full review of both national and local procedures for controlling access to electronic health data for 'secondary uses'.

Despite some notable successes, the delivery of NCRS has in general been hampered by unclear communication and a worrying lack of progress on implementing local systems. Although Connecting for Health's centralised approach has brought important benefits, it will increasingly need to be modified, particularly if the crucial DCR programme is to succeed. By clearly restating its aims, providing timetables and indicating how they will be met, and ensuring local organisations take charge of deployment, Connecting for Health can still ensure that NCRS is a success.




 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index
© Parliamentary copyright 2007
Prepared 13 September 2007