Evidence submitted by the Medical Protection
Society (EPR 55)
In our experience the breakdown in
communications is one of the most frequent causes of adverse incidents,
claims and complaints. We support, in principle, the development
of an integrated centralised health record system.
Patients should not be required to
expressly consent to have their data uploaded onto the NHS Care
Records System. However, patients should have the right to opt
out of the system or limit access to some of their clinical data.
Healthcare professionals must have
a legitimate justification to access patient information on centralised
system based on a therapeutic relationship.
Information on the centralised system
should be tiered to permit access only to the areas of a patient's
record which are necessary for a healthcare professional to carry
out their work.
The existing framework of confidentiality
and patient access to information should be replicated in the
centralised records system.
1. The Medical Protection Society (MPS)
is the world's leading indemnifier of health professionals. As
a not-for-profit mutual organisation, MPS offers support to members
with legal and ethical problems that arise from their professional
2. MPS membership offers peace of mind to
more than 240,000 health professionals and their patients worldwide.
Members commonly seek help with clinical negligence claims, complaints,
medical council inquiries, legal and ethical dilemmas, disciplinary
procedures, inquests and fatal accident inquiries. They have access
to expert advice from a 24-hour emergency helpline and, where
appropriate, legal assistance and compensation for patients who
have been harmed through negligent treatment. We also run risk-management
and education programmes to reduce adverse incidents and promote
3. MPS is not an insurance company. All
the benefits of membership of MPS are discretionary as set out
in our Memorandum and Articles of Association.
4. We welcome the Health Select Committee's
enquiry into the Electronic Patient Record and its use. The development
of the NHS Care Records service is a hugely ambitious project
which has the potential to make a significant difference to the
delivery of healthcare in England.
5. We support, in principle, the development
of an integrated centralised health record system. In our experience
the breakdown in communications is one of the commonest causes
of adverse incidents, claims and complaints.
6. We have experience of claims and complaints
arising from circumstances where the patient has changed GP practices
and consulted a new doctor who hasn't had the benefit of the patient's
records. This has compromised the doctor's ability to get the
full clinical picture; exposing the patient to sub-optimal care.
Access to accurate relevant information for appropriate healthcare
professionals through a centralised records system has the potential
to significantly enhance patient safety.
7. The introduction of a centralised records
system inevitably raises issues about confidentiality, access
and security. It is vital that the NHS Care Records Service is
developed in a way which complies with the existing legal and
ethical frameworks surrounding confidentiality and that the confidence
of both the profession and the public in the accuracy and security
of the information stored on the system is not undermined.
What patient information will be held on the new
local and national electronic record systems
8. If the intention is that the NHS Care
Records Service should be the sole repository of patient information,
then it must be comprehensive, tiered according to levels of sensitivity
and with access limited to those who have a legitimate reason
to have that information.
9. On the other hand, if the NHS Care Records
Service is intended principally as a summary, then there will
need to be clear guidelines about what should or should not be
recorded. There would be a risk that absent data on one patient's
record would indicate that there was nothing to record which could
potentially mislead a clinician.
10. We understand that the Department of
Health intends the record to be the primary comprehensive source
of information about the patient and that other records would
be phased out over time.
Should patients be able to prevent their data
being placed on systems
11. We support a system where all patients
should be deemed to have given consent to the uploading of their
health information unless and until they expressly opt out or
choose to limit the information available.
12. We understand that some organisations
have proposed that patients should have the right to expressly
opt into the system. We think that such proposals are wholly unworkable
and would place an unrealistic administrative burden on highly
pressed clinicians, particularly in the primary care sector. The
level of work involved in gaining each patient's express consent
would be completely disproportionate to the potential benefit.
13. Currently, the General Medical Council
(GMC) guidance makes it clear that (unless there are exceptional
circumstances) a patient's refusal to allow information to be
shared with another healthcare professional should be respected.
We believe that patients should have the same right with the electronic
14. Patients should be able to expressly
opt out of the centralised records system. A patient's right to
limit access to their clinical information could be addressed
by the "sealed envelope" system. Patients could limit
access to elements of their record by requesting that certain
information is hidden from normal view. Further thought needs
to be given to how patients will be able to restrict access to
their clinical information.
15. A large number of patients opting out
of the system would undermine one of the core benefits of a centralised
records system. We hope that opt outs would be a limited to a
small proportion of patients. The onus is on the Department of
Health to ensure that the security of the system is sufficiently
robust and that the system is rolled out in a way that captures
the confidence of the public.
Access to locally and nationally held information
16. The mere fact that a person is a healthcare
professional working in the NHS should not be sufficient to allow
unrestricted access to a patient's records. Currently, patient
records are held locally in paper and summary electronic form.
It is possible for anyone working in a primary care setting to
access patients' records without first being required to demonstrate
a legitimate justification. The only restriction is in terms of
confidentiality clauses in employment contracts.
17. The new system must be underpinned by
the principle that access is only possible by those who have a
legitimate justification to access health records in the delivery
of healthcare or other legitimate purpose.
18. The legitimacy should be based on a
therapeutic relationship, save in only the most exceptional circumstances.
Additionally, access to the system must be tiered to permit access
only to the areas of a patient's record which are necessary for
a healthcare professional to carry out their work. For instance
a receptionist in a GP practice will only need access to, for
example, the patient's name, address, telephone number, and possibly
limited access to some clinical information such as test results.
19. As mentioned above, patients should
be able to restrict access to certain information contained in
20. Presently, under the Data Protection
Act patients have a right to see their records whether they are
paper or electronic. It might be helpful, as a means of increasing
public confidence in the new system, if patients could "log
in" to the system to view their own data and to enable them
to see an "audit trail" detailing who has accessed their
data. Patients' rights of access to their own data should be subject
to the same therapeutic restrictions that are enshrined in the
Data Protection Act.
21. Security of electronic data is a global
concern. The new system must employ the most robust national and
international security measures to ensure that patient data remains
confidential. The scope and number of potential users of the NHS
Care Records System must be a potential weakness that will need
to be addressed.
22. Technology aside, the major problem
is the human factor which is not subject to system controls. Addressing
the human element is a matter of education and training, legal
requirements to comply, and enforcement.
23. The question of whether information
of a highly sensitive nature should be excluded from the system
during the pilot phase should be carefully considered.
24. While security requirements must be
rigorous, they should not be so onerous and time consuming that
they interfere with the ability of healthcare professionals to
meet patients' clinical needs, particularly in an emergency situation.
Data used for purposes other than the delivery
25. It is sensible that organisations outside
the NHS but involved in the delivery of healthcare should have
access to the appropriate information in the patient's electronic
record. However, the patient should be given the opportunity to
refuse to allow information shared outside the NHS. For instance,
a GP referring a patient to receive NHS treatment through a private
healthcare provider should explain to the patient that the provider
will have access to appropriate information contained in their
electronic record and give the patient the opportunity to refuse
or limit access to the provider.
26. Using data stored on the new records
system for clinical and management purposes is acceptable if the
data has been anonymised or pseudonymised in accordance with the
recommendations of the Information Commissioner.
27. The trend in clinical research has been
for increasing transparency and a proper consent process. That
should remain the case for any use of patient identifiable data
save where there are statutory requirements for disclosure and
processing of data for specific purposes.
We would be pleased to provide any further evidence
either in writing or orally which might be helpful to the Committee's
Medical Protection Society