Evidence submitted by the General Medical
Council (EPR 69)
Set out below is the General Medical Council's
written submission for the Health Select Committee inquiry into
the electronic patient record and its use. Please accept our apologies
for the delay in providing these comments. I hope that the Select
Committee will be able to consider them.
1. The GMC welcomes the opportunity to assist
the Health Select Committee in its inquiry into the Electronic
Patient Record and its use. This submission provides information
on the following:
(a) Our statutory role as the regulator for
medical practitioners registered in the United Kingdom.
(b) Our advice to the profession, pursuant
to our statutory functions, on issues of confidentiality.
(c) How the NHS Care Record Service (CRS)
might affect doctors' duty of confidentiality and our advice about
their responsibilities.
THE ROLE
OF THE
GENERAL MEDICAL
COUNCIL (GMC)
2. The GMC's role in the regulation of doctors
is defined in our statutory and charitable purposes: to protect,
promote and maintain the health and safety of the public by ensuring
proper standards in the practice of medicine. The law gives us
four main functions under the Medical Act 1983:
(a) Keeping up-to-date registers of qualified
doctors.
(b) Fostering good medical practice.
(c) Promoting high standards of medical education.
(d) Dealing firmly and fairly with doctors
whose fitness to practise is in doubt.
3. We are not in a position to respond to
all the issues raised in the Committee's terms of reference, although
we have followed what Connecting for Health have advised on what
patient information will be held on the new local and national
electronic record systems, and who will have access to locally
and nationally held information and under what circumstances.
We have been assured about the intentions for robust access controls,
security arrangements and audit, so that only those with a legitimate
relationship should access patients' records. Legitimate relationships
and role-based access, if properly implemented and robustly monitored,
should go a long way to ensuring information is not accessed inappropriately.
4. We continue to be engaged, through membership
of the Information Standards Board and Care Record Development
Board working groups on secondary uses of data and on children,
with the detailed development plans for rolling out the CRS.
5. We welcome the intended benefits to patient
care and safety that the CRS offers in terms of the timely access
to up-to-date information when it's needed. And additional benefits
of effectively anonymising patient data for use in healthcare
management and planning, research and other secondary uses opens
up possibilities for better protecting patients' privacy than
currently exist.
PUBLISHED GUIDANCE
ON CONFIDENTIALITY
6. Confidentiality is central to the trust
between doctors and patients. Without assurances about confidentiality,
patients may be reluctant to give doctors the information they
need in order to provide good care.
7. In our published guidance, Confidentiality:
protecting and providing information[51],
we explain doctors' duty to respect patients' autonomy and confidentiality
and the consequent need to seek patients' consent before sharing
or using their personal information, wherever that is practicable.
This reflects common law and statutory obligations as well as
important ethical principles.
8. We also advise that doctors who are responsible
for health information about patients should ensure that it is
effectively protected against improper disclosures and make reasonable
efforts to ensure that they connect to networks which have appropriate
systems for the protection of data.
9. This guidance was drafted in an age of
simpler local or area networks, within practices or hospitals
or with local PCTs. We are not in a position to assess the security
arrangements of the CRS and it would not be reasonable to expect
doctors individually to do so. Of course, if doctors have concerns
about data security, we would still expect them to raise concerns
when they believe that patient safety is being compromised by
inadequate premises, equipment or other resources.
CONSENT, CONFIDENTIALITY
AND PATIENT
CONTROL
10. In considering our own contribution
to the recent "opt-in/opt-out" debate, and in response
to queries about pilots, we have concluded that the format and
means of recording information are matters for the health service
providing care, either within the NHS or private sector. Patients
cannot, for example, require doctors to record information about
them on paper records rather than on computer systems to which
others have access. How the records are used, shared or disclosedthe
matters governed by the law and ethics of confidentialityare
matters for individual patients and doctors to determine in accordance
with the law and professional guidance.
11. Patients usually have the right to decide
with whom identifiable information about them is shared. Most
people understand and accept that information must be shared within
the healthcare teams that provide their care. In our guidance
we explain that it should be made clear to patients when information
is to be shared with anyone employed by another organisation or
agency which is not contributing to their care, and the wishes
of any patients who object to information being shared should
usually be respected (see paragraph 10 of our guidance[52].
12. It is essential that patients are provided
with sufficient, appropriate information and given time to make
informed choices about whether to opt-out of the CRS or its constituent
parts or to have parts of their records placed in "sealed
envelopes" when that option becomes available. The information
provided by Connecting for Health as part of the roll out of the
CRS will be crucial in this regard and doctors will play an important
role in explaining patients' options and addressing their concerns
as they are raised.
13. We have emphasised and sought to ensure
that the CRS, when implemented, provides at least an equal standard
of confidentiality for patients as current paper and computer
systems.
Dr John Jenkins
Chairman, Standards and Ethics Committee
March 2007
51 See www.gmc-uk.org/guidance/current Back
52
General Medical Council, 2004, Confidentiality: Protecting and
Providing Information. Back
|