Conclusions and recommendations
113. The Committee is pleased that trials of the
national Summary Care Record (SCR) are now going ahead following
delays to the project. The SCR has the potential to improve the
safety and efficiency of care and to make the health service more
patient-centred. The SCR has the potential to improve the safety
and efficiency of care especially in emergency situations when
care is delivered by staff unfamiliar with the patient involved.
The Committee supports the aim of introducing a nationally available
summary record as soon as possible and deplores the delays and
continuing indecision about its content.
114. The SCR has less comprehensive clinical value
than shared Detailed Care Record (DCR) systems and is a comparatively
straightforward application which extracts information from existing
GP systems, whereas DCR systems must be built up from a range
of complex and interdependent component applications. Given that
there is expected to be clinical value from the SCR, its roll-out
should not be held back by delays to DCR systems. We examine
DCR systems in more detail in Chapter 4.
115. The Committee was dismayed, however, by the
lack of clarity about what information will be included in the
SCR and what the record will be used for. Officials gave different
answers to these questions on different occasions. The Committee
was told at various times that the SCR will be used for the delivery
of unscheduled care, for the care of patients with long-term conditions,
and to exchange information between primary and secondary care.
It is little wonder that patient groups expressed confusion about
the purpose and content of the SCR.
116. The Committee is aware of the Department's
most recent plans but is concerned that the complexity of the
SCR appears to be increasing. This will make the SCR more difficult
to use, particularly in emergency situations. The Department must
be clear about the purpose of the SCR, and it must ensure that
the record is easy to use. To this end, we recommend that the
SCR include a single standardised front screen to display key
health information which is vital for emergency care.
117. The Committee has also received inconsistent
information about the patient consent arrangements for the SCR.
Initially, we were told that information will be added to the
SCR with "implied consent", provided patients do not
opt out. This approach was strongly criticised by clinical and
patient groups. However, it subsequently became clear that while
the creation of the SCR, and the addition of "life-saving"
details such as prescription information, will require "implied
consent", the addition of detailed clinical information will
only take place with "explicit consent" from the patient.
This hybrid consent system represents a much more satisfactory
model but one which has not been well communicated to patients
118. The inclusion of prescription information
on the SCR with only "implied consent" remains problematic,
however. On the one hand, prescription information can often make
a patient's diagnosis obvious. On the other hand, excluding some
prescription information from the SCR would be clinically dangerous.
If the Department of Health does use the "implicit consent"
model for prescription information, it should make clear to patients
the implications both for data privacy and clinical safety.
119. The Committee considers that much of the
controversy over privacy and consent arrangements for the SCR
would have been avoided if Connecting for Health had communicated
its plans more clearly to patients. We recommend that Connecting
- Make clear to patients,
clinicians and the public that detailed information will only
be added to the SCR with explicit patient consent, that patients
can see this information before it is added, and that patients
can choose to have an SCR created but not accessed beyond their
GP surgery; and
- Offer the same assurances to all patients
in the SCR early adopter sites.
120. The arrangements for the SCR will be strengthened
when "sealed envelopes" are made available to protect
sensitive information and when patients can access their record
via the HealthSpace website. It is unfortunate that these elements
of the SCR are not yet in place, but the Committee understands
and supports the decision to press ahead in any case with trials
of the SCR. Connecting for Health must ensure that both "sealed
envelopes" and HealthSpace are introduced as soon as possible,
particularly so that their effectiveness can be assessed during
the independent evaluation of the early adopter programme.
121. "Sealed envelopes" are a vital
mechanism if sensitive information is to be held on the SCR. We
- The right to break the seal
protecting information in "sealed envelopes" should
only be held by patients themselves, except where there is a legal
requirement to override this measure; and
- Information in "sealed envelopes"
should not be made available to the Secondary Uses Service under
any circumstances; this will allow patients to prevent data being
used for research purposes without their consent.
122. HealthSpace is an excellent addition to the
SCR programme and has huge potential to improve the safety and
efficiency of care by allowing patients to check the accuracy
of their SCR and to access detailed information about their own
health. In order to take fuller advantage of HealthSpace, we recommend
that Connecting for Health:
- Trial the use of HealthSpace
for patients, particularly those with long-term conditions, to
record their own measurements of key health information;
- Ensure that HealthSpace allows patients to
view audit trails, showing who has accessed their SCR record and
under what circumstances, and offers mechanisms for investigating
- Promote the use of HealthSpace, monitor levels
of uptake, and ensure that there is equitable access across the
country and that coercive access is prevented; and
- Commission an independent evaluation of HealthSpace
once the system is widely available.
123. We note that in France patients will own
their national summary record. This approach gives patients more
control over who can access their record and more opportunity
to influence and take control of their own care. We therefore
recommend that Connecting for Health consider a similar model
for the SCR in England.
124. The Committee does not have the knowledge
or expertise to make specific judgements about the likely effectiveness
of planned technical security systems at protecting the SCR from
external attack. We received strong assurances from officials
and suppliers about the quality of security systems, and we accept
the inevitability of a trade-off between levels of security and
the need to ensure that systems are user-friendly. We also acknowledge
that no information storage system can be considered 100% secure.
125. However, serious concerns were expressed
regarding the lack of information both about how security systems
will work and about the outcomes of security testing. We agree
with these concerns and recommend that Connecting for Health ensure
that BT's planned security systems for its national applications
are subject to independent evaluation and that the outcomes of
this are made public.
126. Maintaining the operational security of the
new SCR system is a substantial challenge. We acknowledge that
Connecting for Health and its suppliers have made significant
efforts to minimise the risk of operational security breaches.
Individual smartcards, rigorous user authentication, role-based
access controls, legitimate relationships and audit trails will
all help to increase operational security, both individually and
in combination. However, many of these measures are new and untested
on the scale that they will be used in the NHS. As a result, their
impact and vulnerabilities are difficult to predict. We therefore
recommend that Connecting for Health:
- Ensure that the evaluation
of the early adopter sites examines both the individual and the
collective impact of the new operational security measures for
the SCR, commissioning a separate evaluation if necessary; and
- Undertake a program of operational security
training for all staff with access to the SCR, emphasising the
importance of not divulging information to those who request it
under false pretexts.
127. Operational security also depends on effective
enforcement. The Department of Health and the Information Commissioner's
Office have called for custodial sentences for people who unlawfully
access personal information. The Committee welcomes this, and
recommends that a substantial audit resource be provided to detect
and prosecute those who access the system unlawfully.