Memorandum submitted by the British Medical
The British Medical Association (BMA) welcomes
the opportunity to submit evidence to the Home Affairs Committee
inquiry into "A Surveillance Society?".
The enclosed response focuses on the situation
in England and includes input from the BMA's Working Party on
NHS IT, the Patients Liaison Group (PLG), the Medical Ethics Committee
(MEC), the Joint GP IT Committee of the General Practitioners
Committee (GPC) and the Royal College of General Practitioners
(RCGP), the Central Consultants and Specialists Committee (CCSC),
the Junior Doctors Committee (JDC), the Medical Students Committee
(MSC), the Staff and Associate Specialist Committee (SASC), the
Forensic Medicine Committee (FMC) and the Medical Academics and
Specialists Committee (MASC).
1. The British Medical Association (BMA)
is an independent trade union and voluntary professional association
which represents doctors from all branches of medicine all over
the UK. It has a total membership of over 138,000.
2. The area of this inquiry on which the
BMA would like to comment is that of the Department of Health's
planned NHS Care Record Service which will give access to the
medical and care records of patients across different NHS organisations.
The already available information includes demographic details
and is also due to include medications, prescriptions, social
information and details of all medical interventions. The BMA
supports the greater sharing of healthcare information between
healthcare professionals to support patient care. We have concerns,
however, over the implications of patient databases being used
in the fight against crime or being abused by criminal access.
3. Since 1996 the police have had access
to the Prescription Pricing Authority database. Although access
to medical records by the police is currently possible in certain
circumstances, in practice, it is a complex procedure to view
a patient record and there is no direct police access to a database.
Currently, access to a patient record requires knowledge of who
the patient's GP is and then a Police and Criminal Evidence (PACE)
production order from a judge if it can be proved that the material
may be relevant evidence. This is still no guarantee that information
will be available as treatment may have taken place in a variety
4. Due to the existence of the Personal
Demographics Service (PDS), patient demographics are available
already through one point of contact. After the implementation
of the NHS Care Records Service, this data will be hugely supplemented.
This must not alter existing policy and guidance on disclosure
of information to the police.
NHS Connecting for Health has frequently publicly stated that
police and other agencies will not have direct access to NHS data
or to the new NHS database. There is much public mistrust and
the BMA would strongly resist moves to allow direct access.
5. The BMA welcomes the decision to exclude
NHS patient records from the Serious Crime Bill.
6. The primary function of the NHS Care
Records Service is to provide care for patients and the BMA would
strongly oppose any plans to allow other government agencies access
to the NHS Care Records Service, for example, the Home Office.
There are other more appropriate routes for information sharing,
when necessary, with these agencies. Allowing other agencies access
would undermine trust in the system and the doctor/patient relationship.
If patients are fearful that their healthcare information will
be accessed by other agencies, they may withhold information,
which could jeopardise their care and which could also have far
greater public health implications. A further public health implication
(besides patients withholding information that may put others
at risk) is that if trust is lost in the system and information
withheld, then incomplete or inaccurate data may be recorded that
not only threatens individual patient care, but also the use of
aggregated data for health services planning and epidemiological
7. The BMA has expressed concerns about
healthcare information being included on identity cards to the
Home Office. The BMA believes there should be no health information
on identity cards for reasons of confidentiality and accuracy
of the information.
8. No system is ever one hundred per cent
secure and a potential threat remains from hackers. The BMA believes
that the technical security arrangements for the NHS Care Record
Service provide a sound basis requiring only modest changes to
provide the technical support required to meet confidentiality
standards. Following testing, any system must be carefully piloted
in order to evaluate whether safeguards are strong enough.
9. With all databases it is important that
the general public are properly informed about how their data
will be held so that, if they have concerns, they can make alternative
arrangements for their data, where appropriate.
10. There is a real difficulty in detecting
inappropriate access to confidential medical records. The traditional
audit trail requires IT experts to examine an individual record
and then attempt to discover whether access was necessary. Without
involving professionals in confidentiality and audit, we do not
see this as a realistic check.
11. Alerts will be an important confidentiality
control providing some reassurance to patients that inappropriate
access to summary and detailed records will be identified and
addressed. They will also provide an important deterrence to staff
from accessing confidential information where the circumstances
do not justify it. Alerts will only be effective if action is
taken when appropriate. We note that a commitment that all alerts
are reviewed is included in the Care Record Guarantee (Commitments
11 & 12).
The BMA consider that this review process will be very important
to protect confidentiality and promote public confidence in the
12. The BMA has already raised concerns
with NHS Connecting for Health over the funding and resourcing
of Caldicott Guardians and privacy officers. The BMA welcomes
the establishment of the Caldicott Guardian Council, and the recent
publication The Caldicott Guardian Manual 2006. We have
not yet seen any plans put in place to make any realistic estimates
of the numbers involved, or to consider the resources that will
be necessary to service them, and budget for additional resources
if necessary. Without such an exercise, the BMA is concerned that
local NHS organisations, and in particular their Caldicott Guardian
functions, will be inundated and forced to ignore many alerts
and therefore undermine a key confidentiality control. We understand
that NHS Connecting for Health is currently undertaking a review
of how the Caldicott Guardian roles will operate in consultation
with Trust's and PCT's. This needs to be clarified if there is
to be public and clinical confidence in the system.
13. Criminals will have ways of attempting
to access the system which may include bribing NHS staff or telephoning
staff and pretending to be a patient or healthcare professional
to access the record. Our concerns are that this will become easier
as the numbers who can access a record are increased with a staff
member being able to access any NHS patient's record, including
address, health and social details and other sensitive information.
Strict protocols must be in place to identify any telephone callers
eg asking what organisation they belong to, the reason for requesting
information and their organisation's telephone number for the
NHS staff member to ring back.
14. There must be strict penalties for anyone
who attempts to inappropriately access the NHS Care Records Service
both from within the NHS and from hackers. We would recommend
that staff found to have deliberately breached the confidentiality
code should face strong disciplinary action.
74 Both the BMA and the GMC have produced guidance
on allowing third party access to health records. Back