Evidence submitted by the Royal College
of Surgeons of England (EPR 26)
The Patient Liaison Group at the Royal College
of Surgeons of England has been monitoring the progress of this
initiative, and their representative attended the Care Record
Development Board Annual Conference in November 2005, which afforded
the opportunity to ask questions. The impression taken away from
this Conference was distinctly that of a project not sufficiently
thought through from the beginning. Issues which should have been
developed long before the project commenced were being dealt with
as and when they arose, leaving all stakeholders uncertain about
many issues. Such questions as how the use of the patient records
would be shared with private medical care, and whether confidentiality
clauses would have to be built into individual contracts of employment
in the private medical sector remained unanswered, with the proviso
that this was work which had yet to be developed. These are fairly
basic considerations for a project of this kind. The Patient Liaison
Group holds the view that the uncertainties revealed from the
Annual Conference demonstrate a project which was not sufficiently
piloted before large sums of money were engaged in the project.
A more prudent and measured investigation should have been allowed
to reveal the potential difficulties in a project of this magnitude.
Whilst the benefits of an electronic patient
record are generally accepted, this was an overly ambitious project
untested anywhere else in the world. The haste with which the
project was launched did not appear to consider whether the national
record justified such expenditure or whether a more modest upgrade
of existing local IT systems would not have delivered the same
The conclusions of the Ministerial Taskforce
on the Summary Care Record made recommendations retrospectively,
which should have been part of the initial Project Plan. These
include point 2 which states that problems, faults and practicalities
are resolved before the system becomes widely available. Point
4 which recommends producing standards for good electronic patient
summaries in general practice is again work which should have
formed part of the early pre-project planning phase. Point 6 shows
that a training package is only latterly being considered.
We are very surprised that an independent IT
agency or some other form of external expertise was not used to
monitor the progress of the private firms undertaking the work,
so that it could report back to the Care Record Board with early
problems and to keep track of expenditure. The project suffered
from the division between those who had some understanding of
the IT systems side of the project and the project directors who
appear to have no understanding of this, and had to rely on the
IT firms without any means of auditing them. The lack of scrutiny
in a project of this size appears to break the basic rules of
project management. When contracts were agreed with the IT providers,
there appears to have been laxity in allowing overspends to occur
and no strictly fixed budget or one with slight flexibility was
negotiated at the outset.
The failure to engage clinicians in the NHS
in the Project was another error and many GPs appear openly hostile
to the system, coming at the same time as the disruption of Choose
There have been so many reported problems that
public confidence in the ability to deliver a safe and confidential
system has now been shattered. It is therefore very important
that patients are reassured with practical examples of how the
record will operate to assure the confidentiality of their records.
Our conclusions are inferred from our own experience
when engaging with the Care Record Development Board Conference
and the inadequacy of their ability to give clear direction when
questioned. An idealised vision of the outcome and benefits of
the care record appears to have been at the expense of practical
delivery. However, we refer to the major criticisms of the Dossier
of Concerns dated 2 February 2007 by 23 academics, who refer to
poor project management and failure to pilot. Whilst we have been
tracking the Project at some distance, our observations concur
with this Report.
The lack of easily-accessible public information
about the electronic record is concerning. Any individual wanting
to find internet information needs to know where to looka
simple Google search does helpand even then it is difficult
or impossible to find up-to-date or helpful information. The Connecting
for Health or Department of Health websites need a section for
the public which gives a clear history of the project, planned
delivery dates, issues that have been raised and links to key
proposal and review documents.
The Patient Liaison Group, based on a member's
personal experiences, has concerns about the accuracy of the information
that is being put on the record and, in the clinical setting,
the ability of trainee doctors to interpret and use the information.
Therefore in addition to checking and confirming a patient's ID,
their past history be checked with the patient or their representative
as far as possible.
Membership is made up of 12 lay people and six
surgeons, with two other ex officio surgeons. The lay chair
is an invited member of College Council. The Group has a full-time
administrator funded by the College, access to advice from other
College staff and is able to link with the President as required.
Lay members are recruited nationally via the press and formal
interview. They have direct extensive experience of being surgical
patients, family carers of surgical patients and/or membership
of patient organisations. Maximum membership of five years ensures
regular new members but is long enough for members to develop
extensive knowledge of College work and of health policy.
Lay members represent the Group on approximately
35 other committees and working parties, inside and outside the
College. The Group is strongly supported by its surgical members
who provide extra insight into the NHS and advice. The Group frequently
responds to consultation documents, both under its own name and
as contributions to College responses. It develops some of its
own work to further its aims, for example a review of research
into communication skills and a forthcoming guide to help surgeons
improve their patients' journeys. It belongs to and works with
the Patient Liaison Group of the Academy of Medical Royal Colleges.
It produces a bi-annual newsletter as an information link and
source of feedback between the Group, patients and the College
What patient information will be held on the new
local and national electronic record systems, including whether
patients may prevent their personal data being place on the systems
1. Patients may not wish certain illnesses
to be on the spine, but difficult decisions and rules will need
to be made where the disclosure of certain conditions will be
necessary to protect healthcare workers, in the event that they
care for the patient in an emergency situation. This would include
perhaps HIV status and mental health status, where the patient
might pose a risk to staff. Some of these sensitive diagnoses
might also need to be included as they would affect possible medications
which could be given in an emergency.
2. The "sealed envelope' had not been
fully thought through at the Conference in 2005. Page 6 of the
2005 Care Record Review Document states that "there will
be limits to a person's ability to reduce their participation.
They will not be able to restrict entries when to do so would
put others in danger or put public health at risk. For example,
an accurately recorded history of violence towards health workers
would be included in both the Detailed Care Record and the Summary
Care Record regardless of the person's wishes'. However, patients
can opt out of the electronic record system, and, in these circumstances,
an alert would record that there was missing data. It would be
up to the person to agree to share the information with the healthcare
professional treating them. This appears contradictory if the
system is to protect healthcare workers. Full, or at least fuller,
development of the sealed envelope by now would have enabled more
confidence in the confidentiality and effectiveness of the whole
3. Information is to be stored anonymously
using an NHS number, and there is potential for errors. Where
some communities share the same surname, the use of electronic
access to records must not substitute the additional check of
confirming the identity of the patient who presents for treatment.
Who will have access to locally and nationally
held information and under what circumstances
4. It is stated that those accessing a patient's
records must have a "legitimate relationship' with them which
means they are directly involved in the care of the patient. Another
problem which emerged at the Conference was the issue of patients
being moved around the hospital to other wards, who then took
over the legitimate relationship or of tests arriving at the old
department which the patient had just left.
5. The NHS Connecting for Health Shared
Care Record Review DocumentRevised Version for Discussion
released on 29 July 2005 was suitably vague on the use of the
Record by other agencies, stating on pagg 3 that: "However,
for more complex care, it will sometimes be necessary for several
organisations to access all or parts of each other's contributions
to the Detailed Care Record and perform other functions that are
made easier by shared access to the Detailed Care Record such
as ordering tests. This wider access will require explicit consent
at first; in time it may be agreed that some such access can be
implicit." This is typical of the vagueness of language which
tells stakeholders nothing of what might actually be envisaged.
6. It is to be noted that the above document
at 4 2.2. states that the summary care record may include components
from a dental practice and so on. There is also mention of input
from an optician, where early signs of eye disease were detected.
This latter input seems inappropriate as they should refer the
patient to a GP and onward to an Eye Clinic if they suspect eye
7. There will always be concerns that governments
will grant access to electronic data to bodies other than those
originally intended to have it, and that databases store data
they don't necessarily need. There should be stronger reassurances
and liaison with the public and a body which represents the public's
interests so that use of information is agreed to. Individual
permission must be sought from members of the public if data is
to be shared for example with insurance companies, but also use
of anonymised group data, or traceable group data, must be agreed
by a group representing and accountable to the public, and must
follow legal process.
Whether patient confidentiality can be adequately
8. Whilst the Care Record Guarantee Document
gives broad statements in safeguarding patient privacy and confidentiality,
it remains a theoretical document.
9. When attending the Care Record Development
Board Annual Conference in 2005, it was noted that confidentiality,
privacy and security were issues of importance to patient representatives
in attendance. However, there were no practical demonstrations
of how this might be assured in the working environment. No demonstrations
were given by IT experts. Participants were assured that the firewall
and audit trails for misuse were in place. This was not convincing
and we had to take this on faith with our questions remaining
unanswered. Confidence has now been eroded to such an extent that
the onus lies on the Care Record to prove itself a safe and confidential
system of holding and exchanging information on patients.
10. The use of a smartcard by healthcare
staff with chip and pin and personal identification number appears
to have no safeguards which would prevent the sharing of cards
and security codes between staff in a busy department. The audit
trail (Caldicott Guardian) would not be able to identify
misuse by this means where a card was shared between individuals.
The July 2005 Care Record Review Document Page 5 states that "although
there has been considerable work in this area already, there needs
to be further work in order to define more clearly who will be
able to see what." Recent press reports of healthcare staff
sharing computer logins for access to patient data are disturbing
and undermine confidence. There is no point in having levels of
access for different staff, sealed envelopes and audit trails
if logins are shared.
11. A National Information Governance Board
was launched in December 2006 to look at the quality of information
governance and give advice on confidentiality and security of
patient information. Again, this should have been dealt with much
earlier in the project.
How data held on the new systems can and should
be used for purposes other than the delivery of care eg clinical
12. The Patient Record does allow great
opportunity for the accumulation for research purposes of anonymised
patient data on medication use etc. Anonymised data should be
used without the need to gain permission from patients. However,
if research is not anonymised, then patients should give permission
for disclosure by the process of informed consent. An audit trail
should be in place for data extraction and retention for research
13. The records also have a role in tracking
public health issues and alerting doctors and patients to forthcoming
vaccination and test dates.
14. Please see concerns raised in paragraph
Current progress on the development of the NHS
Care Records Service and the National Data Spine and why delivery
of the new systems is up to two years behind schedule
15. There are many issues which remain underdeveloped
as this project progresses. The summary care record or spine will
be in text and then transferred over to codes. There may be problems
with codes in their ability to be interpreted in the same way
by differing healthcare professionals. They may also not reflect
the complexities of clinical information. This was discussed but
no resolutions proposed at the Conference. It may be that time
has been spent in resolving this problem?
The examples used always refer to the positive
aspects of the Care Record for particular patients, and not where
difficulties might arise.
16. At the Conference in 2005 questions
on the impact of system failure were brushed aside with assurances
that there was a good backup system. We can only wonder why stakeholders
were not given more detailed explanations of the back-up system,
and whether the project leads might have taken the assurances
of the IT companies on this issue at face value.
17. Training issues for the input and use
of the system must have slowed up the project. The record will
only be as good as those who input the information accurately.
We would pose the question as to whether this aspect of the project
was sufficiently addressed and planned earlier on in the project,
in the light of the data loss which has occurred.
18. The core question appears to focus on
the supervision and monitoring of the ability of the IT companies
to deliver so complex a system.
19. The delivery of the system is now dependent
upon publication to the public of their right to view their record.
If patients take no action in this regard, it will be assumed
that implicit consent has been given for their details to be held
on the spine and detailed record. This is a worrying precedent
for all issues of consent with regard to the holding of data on
an individual. We also wonder whether, in fact, assent by inaction
is giving valid informed consent as the patient needs to be fully
informed. Some patients may be abroad or miss the publicity announcements.
We would like our concern to be noted.
Chairman, Patient Liaison Group,
Royal College of Surgeons of England
15 March 2007