The British Medical Association (BMA) welcomes the opportunity to submit evidence to the Home Affairs Committee inquiry into "A Surveillance Society?".

  The enclosed response focuses on the situation in England and includes input from the BMA's Working Party on NHS IT, the Patients Liaison Group (PLG), the Medical Ethics Committee (MEC), the Joint GP IT Committee of the General Practitioners Committee (GPC) and the Royal College of General Practitioners (RCGP), the Central Consultants and Specialists Committee (CCSC), the Junior Doctors Committee (JDC), the Medical Students Committee (MSC), the Staff and Associate Specialist Committee (SASC), the Forensic Medicine Committee (FMC) and the Medical Academics and Specialists Committee (MASC).

  1.  The British Medical Association (BMA) is an independent trade union and voluntary professional association which represents doctors from all branches of medicine all over the UK. It has a total membership of over 138,000.

  2.  The area of this inquiry on which the BMA would like to comment is that of the Department of Health's planned NHS Care Record Service which will give access to the medical and care records of patients across different NHS organisations. The already available information includes demographic details and is also due to include medications, prescriptions, social information and details of all medical interventions. The BMA supports the greater sharing of healthcare information between healthcare professionals to support patient care. We have concerns, however, over the implications of patient databases being used in the fight against crime or being abused by criminal access.

ACCESS BY PUBLIC AGENCIES TO PRIVATE DATABASES

  3.  Since 1996 the police have had access to the Prescription Pricing Authority database. Although access to medical records by the police is currently possible in certain circumstances, in practice, it is a complex procedure to view a patient record and there is no direct police access to a database. Currently, access to a patient record requires knowledge of who the patient's GP is and then a Police and Criminal Evidence (PACE) production order from a judge if it can be proved that the material may be relevant evidence. This is still no guarantee that information will be available as treatment may have taken place in a variety of settings.

  4.  Due to the existence of the Personal Demographics Service (PDS), patient demographics are available already through one point of contact. After the implementation of the NHS Care Records Service, this data will be hugely supplemented. This must not alter existing policy and guidance on disclosure of information to the police.[74] NHS Connecting for Health has frequently publicly stated that police and other agencies will not have direct access to NHS data or to the new NHS database. There is much public mistrust and the BMA would strongly resist moves to allow direct access.

  5.  The BMA welcomes the decision to exclude NHS patient records from the Serious Crime Bill.

DATA-SHARING BETWEEN GOVERNMENT DEPARTMENTS AND AGENCIES

  6.  The primary function of the NHS Care Records Service is to provide care for patients and the BMA would strongly oppose any plans to allow other government agencies access to the NHS Care Records Service, for example, the Home Office. There are other more appropriate routes for information sharing, when necessary, with these agencies. Allowing other agencies access would undermine trust in the system and the doctor/patient relationship. If patients are fearful that their healthcare information will be accessed by other agencies, they may withhold information, which could jeopardise their care and which could also have far greater public health implications. A further public health implication (besides patients withholding information that may put others at risk) is that if trust is lost in the system and information withheld, then incomplete or inaccurate data may be recorded that not only threatens individual patient care, but also the use of aggregated data for health services planning and epidemiological research.

  7.  The BMA has expressed concerns about healthcare information being included on identity cards to the Home Office. The BMA believes there should be no health information on identity cards for reasons of confidentiality and accuracy of the information.

EXISTING SAFEGUARDS FOR DATA USE AND WHETHER THEY ARE STRONG ENOUGH

  8.  No system is ever one hundred per cent secure and a potential threat remains from hackers. The BMA believes that the technical security arrangements for the NHS Care Record Service provide a sound basis requiring only modest changes to provide the technical support required to meet confidentiality standards. Following testing, any system must be carefully piloted in order to evaluate whether safeguards are strong enough.

  9.  With all databases it is important that the general public are properly informed about how their data will be held so that, if they have concerns, they can make alternative arrangements for their data, where appropriate.

MONITORING OF ABUSES

  10.  There is a real difficulty in detecting inappropriate access to confidential medical records. The traditional audit trail requires IT experts to examine an individual record and then attempt to discover whether access was necessary. Without involving professionals in confidentiality and audit, we do not see this as a realistic check.

  11.  Alerts will be an important confidentiality control providing some reassurance to patients that inappropriate access to summary and detailed records will be identified and addressed. They will also provide an important deterrence to staff from accessing confidential information where the circumstances do not justify it. Alerts will only be effective if action is taken when appropriate. We note that a commitment that all alerts are reviewed is included in the Care Record Guarantee (Commitments 11 & 12).[75] The BMA consider that this review process will be very important to protect confidentiality and promote public confidence in the NHS CRS.

  12.  The BMA has already raised concerns with NHS Connecting for Health over the funding and resourcing of Caldicott Guardians and privacy officers. The BMA welcomes the establishment of the Caldicott Guardian Council, and the recent publication The Caldicott Guardian Manual 2006. We have not yet seen any plans put in place to make any realistic estimates of the numbers involved, or to consider the resources that will be necessary to service them, and budget for additional resources if necessary. Without such an exercise, the BMA is concerned that local NHS organisations, and in particular their Caldicott Guardian functions, will be inundated and forced to ignore many alerts and therefore undermine a key confidentiality control. We understand that NHS Connecting for Health is currently undertaking a review of how the Caldicott Guardian roles will operate in consultation with Trust's and PCT's. This needs to be clarified if there is to be public and clinical confidence in the system.

POTENTIAL ABUSE OF PRIVATE DATABASES BY CRIMINALS

  13.  Criminals will have ways of attempting to access the system which may include bribing NHS staff or telephoning staff and pretending to be a patient or healthcare professional to access the record. Our concerns are that this will become easier as the numbers who can access a record are increased with a staff member being able to access any NHS patient's record, including address, health and social details and other sensitive information. Strict protocols must be in place to identify any telephone callers eg asking what organisation they belong to, the reason for requesting information and their organisation's telephone number for the NHS staff member to ring back.

  14.  There must be strict penalties for anyone who attempts to inappropriately access the NHS Care Records Service both from within the NHS and from hackers. We would recommend that staff found to have deliberately breached the confidentiality code should face strong disciplinary action.

April 2007

75   http://www.connectingforhealth.nhs.uk/crdb/docs/crs-guarantee Back