Previous Section Index Home Page

21 Feb 2008 : Column 165WH—continued

That has been happening, sort of sotto voce, in the Department anyway.

Jeremy Wright: My hon. Friend is entirely right, and that underlines the need for a review. The Committee says that it rejected a review on a number of grounds, one of which was that it expected the Government to engage in further reviews internally and to publish the results. It indicated that it would like to know, and have available in the public domain, the result of any assessment of the system’s security implications. In their response, the Government indicated clearly that they were not prepared to make such information available. The case for a review seems stronger now than it has ever been.

21 Feb 2008 : Column 166WH

Even if the security and safety of the system was not a big issue and foremost in the Committee’s mind when its investigation began, it must surely be so now. We need to be concerned about not just an organised attack on the database but what might be described as a disorganised attack. That is where we come to the events of the past few months. I agree entirely with the hon. Member for Staffordshire, Moorlands (Charlotte Atkins) that it would be much better if we did not have to consider the issue against the background that we now must, but we cannot escape the fact that people outside this place will assess the likely utility and safety of the NHS databases against the Government’s capacity properly to manage data on everyone from children to criminals, which has been called seriously into question. Patients will need serious reassurance that they should entrust sensitive medical information to a central database.

Dr. Richard Taylor: I can say this because I do not belong to any party, whereas it might be difficult for others: I am sad that we are having this debate now, because we should have had it in the Committee. From memory, nobody was there to put the case as strongly as the hon. Gentleman has.

Jeremy Wright: I think that I have dealt with why the report was not unanimous as fully as you would wish me to, Mr. Weir. I agree with others that it was regrettable that that was the case, but it would not be productive now to go into why it was. However, we can have the argument today, and I am happy to engage in it.

In discussing whether there should be a review, it is right to say that the Minister should commit to finding a way to deal with the genuine concerns about the security of the system. I accept that there will inevitably be operational constraints to explaining in detail what might be wrong with its security, and we can all understand the obvious reasons for that, but I am sure that it is not impossible for the Minister to undertake that the public can be reassured in some detail about why they should have confidence in the database. Otherwise, it seems to me that they will not.

It is not just patients who need reassurance about the Government’s competence to handle data properly. The hon. Member for Romsey (Sandra Gidley) made that point. I am sorry to have to tell her that doctors’ confidence in that has got even worse since the surveys that she mentioned. The most recent that I have seen, conducted by the BMA, I believe this month or perhaps at the end of last month, asked:

Some 93 per cent. of respondents said no, so there is clearly a problem.

I wish to deal with some elements of the electronic patient record in a little more detail, and I hope the Minister will be able to assist with some of them. The first is the personal demographics service. I understand that patients cannot opt out of it and ask that their biographical data should not be logged on the system. Given its nature, one assumes that that information will be accessed by clinicians frequently, which will create an audit trail. Much along the lines of the point that the hon. Lady made on medication, viewing that audit trail and understanding which clinicians have accessed a particular patient’s information will give the educated
21 Feb 2008 : Column 167WH
observer good clues to the conditions from which a patient might be suffering. Will the Minister tell us to what extent that audit trail will be accessible and viewable?

Others have mentioned the summary care record, and again I return to a point that the hon. Lady rightly made. Some of the information registered on the SCR with implied consent, especially on medications, will allow the educated observer to draw certain conclusions. She gave one example, and others might be antiretrovirals and even antidepressants. I can imagine that the Minister might say that people in the position that the hon. Lady described could say, “I do not wish to have a summary care record at all.” I understand that, but I share her concern and that of others who have spoken that it might not be apparent to patients that they have that option. It seems incumbent on the Government to ensure that it is made clearly available to patients, so that they can take it if they wish.

If patients were to decide to secure certain information privately and not have it disclosed, they would do so using the so-called sealed envelope technology that has been talked about. The Government rely heavily on the existence of that technology to reassure patients that information that they do not want widely accessed will not be. It is therefore concerning, as the Committee has said, that the technology is not yet ready. Surely it would have been better to conduct the pilot schemes of the system when that technology was available, so that it could be tested in its entirety. As has been observed today, the pilots are already two years late. As the hon. Lady said, we discover from the Government’s response to the report that NHS Connecting for Health issued detailed specification for local sealed envelopes to suppliers only on 3 April. As she said, it would be helpful to know what took it so long.

Can the Minister confirm that the national roll-out of the summary care record will therefore begin without the sealed envelope technology being available, and that it might not be available for the detailed care record until 2009, as indicated in the Committee’s report? We have no guarantee that that crucial aspect of the electronic patient record will work effectively, nor any real idea of when it will be ready.

The secondary users service has also been mentioned. I must say straight away that I recognise the huge value of more information being available for medical research, but I hope that the Minister can deal with some specific concerns about it. Can he confirm that patient information goes to the secondary users service in a non-anonymised, non-pseudonymised form, and that it for the SUS to make it anonymous or to pseudonymise it? It follows that any leak of information from the SUS would be in a form by which individuals could be identified. There needs to be clarity on that, because people will be concerned about it and we would all appreciate some reassurance.

Contrary to the report’s recommendation in paragraph 121, the Government clearly intend to make information in sealed envelopes available for research. Apart from the concerns that have already been expressed, one possible outcome is that an individual who is unwilling to allow their medical information to be used for a specific form of medical research of which they strongly disapprove will be unable to prevent that from happening.

21 Feb 2008 : Column 168WH

Those are important questions of detail, but I return to the larger questions raised by the subject of the report. As I have said, we support the principle of using technology to improve patient care. There is no doubt that in some areas, that is already being done very well, but in the crucial field of electronic patient records, both patients and clinicians must have full confidence in the system.

Patients need to know what their information is to be used for, and must understand how to protect that which they do not want to be shared widely. They need to know whether their information will be shared with Government Departments outside the NHS, and, if so, to what extent and for what purpose. It would be extremely useful if the Minister were clear on that today. They also need to know that the system will be resilient to attack.

If patients are not sure of those things, they will, as the hon. Member for Staffordshire, Moorlands rightly pointed out, be reluctant to provide information. As a result, the doctor-patient relationship and the cause of medical research will suffer. Patients and clinicians need to be persuaded of all that against a background, I am afraid, of serial, large-scale incompetence on the Government’s part in the management of personal data. That is why the Government have much to do to make the system successful.

4.50 pm

The Minister of State, Department of Health (Mr. Ben Bradshaw): We have had a full and detailed debate on a thoroughly researched and helpful report by the Health Committee. I congratulate the Committee on its work on the report, under the chairmanship of my right hon. Friend the Member for Rother Valley (Mr. Barron). I welcome both the report’s recognition that the introduction and use of electronic patient records will benefit patients, and the political consensus on that today.

The Government’s response to the report made it clear that we agree with its fundamental recommendations. As I am sure hon. Members have read, we accept the vast majority of the report’s recommendations. The hon. Member for Wyre Forest (Dr. Taylor) seemed rather to regret that we did not agree to things that were not recommended. I think he will find that we did agree but did not say so because the points in question were not specific recommendations. However, I shall come to that later.

We particularly agreed with the Committee’s view that the implementation of patient records is

That is the approach we are taking with the SCR early adopter sites, the results of which are being evaluated independently, before any national roll-out, to ensure that the best possible solution is available across England.

Both my right hon. Friend and the hon. Member for Rugby and Kenilworth (Jeremy Wright) spoke about data security in the NHS. We well understand people’s concerns about data security, particularly of medical records. I remind hon. Members that none of the recent data loss incidents that have occurred since the recent heightened public concern following the Revenue and Customs missing discs in November 2007 have had
21 Feb 2008 : Column 169WH
anything to do with the national programme for IT. I am sure that members of the Committee were told by Richard Granger in their evidence session that NPfIT has a particularly high level of security, as one would expect—it is much higher than for banking. Special rules apply, banning the holding or processing of data overseas, which is quite common in the private sector and other areas of government. That is because of the strong concerns of Richard Granger and Ministers about the sensitivity of medical data.

Mr. Bacon: Will the Minister confirm that many patient records are being processed in Egypt? GPs are transferring paper records to a company that is processing them in Egypt.

Mr. Bradshaw: I cannot confirm that. I can confirm that there is a difference between the security requirements for NPfIT and what individual trusts do with some of their data. However, strict data-protection laws apply to trusts, and there are strict rules on the responsibilities of trusts’ chief executives to ensure that data are processed in line with the regulations. I shall respond later to my right hon. Friend’s questions about the sanctions that have been used against people who have breached data protection laws.

In light of concerns following the recent publicity about the Revenue and Customs’ data loss, the chief executive of the NHS, David Nicholson, wrote to all NHS chief executives at the start of the year to remind them of their legal duties, which I have just mentioned. The Government strongly support the Committee’s recommendations about having stiffer penalties for breaches of the Data Protection Act 1998. The Department recently wrote to the head of the civil service, who is conducting a review of data processing and collection across government, repeating our support for an increase in penalties for breaching the Act.

Access to patient care records will be available only to authorised NHS health care professionals, who must be both authenticated users and members of the health care teams directly involved in delivering the relevant patient’s care. Patients will have far more control over who may see their information than they have ever had. They have several options, which have been developed following the research and consultation that we conducted in advance of the early adopter areas. They can choose not to have an SCR at all, to direct that controls are set to prevent data sharing, or to have their address and contact numbers hidden, so that they are not available to NHS staff.

In the early adopter sites, public reaction has been favourable. I regret that the Committee did not have the chance to go and look at them, and I strongly urge them to do so if they get the chance. There is also a very good 10-minute DVD, which I had time to watch this morning, featuring patients and clinicians who have been involved in the early-adopter sites. One such GP was very sceptical of the system at the start, but she has become a convert now that she has got into it. If Committee members do not have time to travel to the relevant areas, they might at least watch that DVD, which I found very informative. So far, in those areas, only 0.64 per cent. of patients mailed about the options have chosen to exercise the opt-out. It is completely different from the situation in
21 Feb 2008 : Column 170WH
Hampshire that the hon. Member for Romsey (Sandra Gidley) has described. They have gone to great lengths to ensure that patients are aware of their rights, by posting information, talking to them individually and helping them with any questions. For example, a special helpline has been set up to talk people through the options.

Jeremy Wright: I am sure that the Minister accepts that someone might decide, on balance, to have an SCR rather than not have one, because they feel that their concerns are outweighed by the advantages of having such a record. It would not be right to use the statistics that he quoted to eliminate the possibility of people’s concerns. Those concerns are real.

Mr. Bradshaw: I am well aware of that, which is why we have gone to such great lengths with the early adopter sites to ensure that people are aware of what is happening and what the possible implications are. I was going to discuss this later, but I will deal with it now. My right hon. Friend mentioned that the Committee had visited Canada on its travels. I believe that Canada started with an opt-in system, but found that it did not work and has since changed to an opt-out system. We all make decisions on the balance of judgment, but in the overwhelming majority of cases, patients have thought through the issues and realised that the benefits far outweigh the risks and concerns.

The hon. Members for Romsey and for South Norfolk (Mr. Bacon) both asked about delay. We accept that there have been delays, not only in the roll-out of summary care records, but in the whole NHS IT programme. It is important to put on record that those delays were not because of problems with supply, delivery or systems, but pretty much entirely because we took extra time to consult on and try to address record safety and patient confidentiality, and we were absolutely right to do so.

Let me turn to one or two of the recommendations made by the Committee with which we did not wholly agree. I will not go over the benefits of the NHS IT roll-out in general, or the summary care record in particular, at great length, because I think that most hon. Members here, even those Opposition Members who are critical of some aspects of the implementation of the IT roll-out, agree with the roll-out in principle. It has helped to save lives, money and time, and health care has been improved; those are benefits of the roll-out that I think we would all accept as a given.

The Government do not agree with one recommendation by the Committee, which is on the issue of sealed envelopes going to the secondary user service. We have put in robust safeguards. As we made clear in our response to the Committee’s report, consent is required, except for data that have been anonymised or data that are otherwise not identifiable as coming from any individual.

The primary purpose of the NHS care records service is to support the delivery of care to patients. As my right hon. Friend the Member for Rother Valley has said, one of the reasons why the NHS is world class in its research is because it is a national service and data are shared to help clinicians and medical science in general. The NHS also needs information, as has been pointed out by some hon. Members, for management
21 Feb 2008 : Column 171WH
and clinical purposes. The briefing that we received from the Royal College of Nursing also pointed that out, stating that such information can help to resolve work force issues and priorities, such as issues about commissioning, public health, clinical audit, benchmarking, performance improvement, research and clinical governance.

Wherever possible, the information provided through a secondary user service will be extracted automatically as a by-product of NHS services supporting direct patient care. The aim is for that data to be made available either in aggregate form or, where detailed information is provided, in anonymised or pseudonymised form. This process removes patient-identifiable information and allocates a consistent pseudonym, so that individual cases can still be tracked but only with explicit approval.

Permission to access the aggregate data is required from an expert group, called the Patient Information Advisory Group, which was set up under the Health and Social Care Act 2001. That group assesses each application to test that the use of patient information is justified, taking into account issues of confidentiality and consent. Access to the secondary users service requires each user to be formally registered and to use individual smart card access, as is the case with other systems in the national programme for IT in the NHS. Each user is allocated a role that determines their functions, such as the reports they can access, and the organisation or geography of data that may be accessed. Key user activities—for example, performing an extract—are logged. That security will enable the huge potential benefits available from research, statistics and management to be harnessed and realised without compromising confidentiality or security.

In light of the concerns raised today by my right hon. Friend the Member for Rother Valley, who is Chairman of the Health Committee, including his continuing concerns about the issue of sealed envelopes and the use of that type of data, we will, of course, continue to keep the process under review as we move forward from the stage of the early adopter sites to a more national roll-out.

Mr. Barron: Will my hon. Friend the Minister let us know exactly what stage the specifications are now at with the sealed envelopes? At some stage, we may want to take evidence on that single issue in relation to how the system is developing and how it will be used.

Mr. Bradshaw: I will have to write to my right hon. Friend on that specific question about specifications; I have the answer here somewhere in my notes, but I cannot find it now.

Mr. Barron: Perhaps the Minister will share that answer with Opposition Members, too.

Mr. Bradshaw: I will do that when I write to my right hon. Friend.

Next Section Index Home Page