Set out below is the General Medical Council's written submission for the Health Select Committee inquiry into the electronic patient record and its use. Please accept our apologies for the delay in providing these comments. I hope that the Select Committee will be able to consider them.

  1.  The GMC welcomes the opportunity to assist the Health Select Committee in its inquiry into the Electronic Patient Record and its use. This submission provides information on the following:

(a)  Our statutory role as the regulator for medical practitioners registered in the United Kingdom.

(b)  Our advice to the profession, pursuant to our statutory functions, on issues of confidentiality.

(c)  How the NHS Care Record Service (CRS) might affect doctors' duty of confidentiality and our advice about their responsibilities.

THE ROLE OF THE GENERAL MEDICAL COUNCIL (GMC)

  2.  The GMC's role in the regulation of doctors is defined in our statutory and charitable purposes: to protect, promote and maintain the health and safety of the public by ensuring proper standards in the practice of medicine. The law gives us four main functions under the Medical Act 1983:

(a)  Keeping up-to-date registers of qualified doctors.

(b)  Fostering good medical practice.

(c)  Promoting high standards of medical education.

(d)  Dealing firmly and fairly with doctors whose fitness to practise is in doubt.

  3.  We are not in a position to respond to all the issues raised in the Committee's terms of reference, although we have followed what Connecting for Health have advised on what patient information will be held on the new local and national electronic record systems, and who will have access to locally and nationally held information and under what circumstances. We have been assured about the intentions for robust access controls, security arrangements and audit, so that only those with a legitimate relationship should access patients' records. Legitimate relationships and role-based access, if properly implemented and robustly monitored, should go a long way to ensuring information is not accessed inappropriately.

  4.  We continue to be engaged, through membership of the Information Standards Board and Care Record Development Board working groups on secondary uses of data and on children, with the detailed development plans for rolling out the CRS.

  5.  We welcome the intended benefits to patient care and safety that the CRS offers in terms of the timely access to up-to-date information when it's needed. And additional benefits of effectively anonymising patient data for use in healthcare management and planning, research and other secondary uses opens up possibilities for better protecting patients' privacy than currently exist.

PUBLISHED GUIDANCE ON CONFIDENTIALITY

  6.  Confidentiality is central to the trust between doctors and patients. Without assurances about confidentiality, patients may be reluctant to give doctors the information they need in order to provide good care.

  7.  In our published guidance, Confidentiality: protecting and providing information[51], we explain doctors' duty to respect patients' autonomy and confidentiality and the consequent need to seek patients' consent before sharing or using their personal information, wherever that is practicable. This reflects common law and statutory obligations as well as important ethical principles.

  8.  We also advise that doctors who are responsible for health information about patients should ensure that it is effectively protected against improper disclosures and make reasonable efforts to ensure that they connect to networks which have appropriate systems for the protection of data.

  9.  This guidance was drafted in an age of simpler local or area networks, within practices or hospitals or with local PCTs. We are not in a position to assess the security arrangements of the CRS and it would not be reasonable to expect doctors individually to do so. Of course, if doctors have concerns about data security, we would still expect them to raise concerns when they believe that patient safety is being compromised by inadequate premises, equipment or other resources.

CONSENT, CONFIDENTIALITY AND PATIENT CONTROL

  10.  In considering our own contribution to the recent "opt-in/opt-out" debate, and in response to queries about pilots, we have concluded that the format and means of recording information are matters for the health service providing care, either within the NHS or private sector. Patients cannot, for example, require doctors to record information about them on paper records rather than on computer systems to which others have access. How the records are used, shared or disclosed—the matters governed by the law and ethics of confidentiality—are matters for individual patients and doctors to determine in accordance with the law and professional guidance.

  11.  Patients usually have the right to decide with whom identifiable information about them is shared. Most people understand and accept that information must be shared within the healthcare teams that provide their care. In our guidance we explain that it should be made clear to patients when information is to be shared with anyone employed by another organisation or agency which is not contributing to their care, and the wishes of any patients who object to information being shared should usually be respected (see paragraph 10 of our guidance[52].

  12.  It is essential that patients are provided with sufficient, appropriate information and given time to make informed choices about whether to opt-out of the CRS or its constituent parts or to have parts of their records placed in "sealed envelopes" when that option becomes available. The information provided by Connecting for Health as part of the roll out of the CRS will be crucial in this regard and doctors will play an important role in explaining patients' options and addressing their concerns as they are raised.

  13.  We have emphasised and sought to ensure that the CRS, when implemented, provides at least an equal standard of confidentiality for patients as current paper and computer systems.

Dr John Jenkins

Chairman, Standards and Ethics Committee

March 2007

52   General Medical Council, 2004, Confidentiality: Protecting and Providing Information. Back