- Tony Delamothe, deputy editor, BMJ
Data on patients don’t assemble themselves. Someone collects them. The question is: who then owns the data—the people who collected the data, or the people who the data were collected from? Some years ago, researchers’ arguments that such data were theirs to release or withhold as they pleased didn’t convince me. Eventually I decided that the data belonged to research participants, and it was they who should control the data’s subsequent fate (BMJ 1996;312;1241).
Does this formulation work for medical records? Is the information record about a patient his or her property? Ownership and control of such records have recently achieved prominence because of the acceptance that soon all patients will have electronic records, just as they do electronic banking accounts.
In his feature, Peter Davies explains that, historically, medical records have been regarded as the property of clinicians or their institutions (doi:10.1136/bmj.e4905). Will opening up the record represent a profound cultural shift for the UK’s doctors, as some claim? If so, you wonder where they’ve been. As Davies points out, patients have had the right to read their paper records since the 1990s. Antenatal patients have been carrying their notes around for years (as have private patients). Copying referral letters to patients has long gone from fringe activity to best practice.
Remaining doubters should read Davies’s account of Intermountain Healthcare’s experience of patient controlled records, which dates back to the 1990s. Its 22 hospitals and 185 clinics now offer patients virtually complete access to their data and must justify holding anything back. The system seems to works for patients and clinicians.
In his Personal View article, Mohammad Al-Ubaydli develops the arguments for a “personal health record”: an electronic record that is controlled by the patient rather than the institution (doi:10.1136/bmj.e5575). Although he has strong competing interests (his company sells patient controlled record systems) he makes a convincing case that records should match the rhetoric of “patient centred care.”
He writes: “The number of connections in a network necessary for integrated care goes up exponentially if the connections are institution to institution, but only linearly if they go through the patient (a hub). In other words, only the latter approach can cope with the networks of care of modern medicine. Furthermore, each institution may have its own system, incompatible with others. Clinicians will rightly hesitate to share data with non-clinical staff like social workers, teachers, charities, and relatives, but these parties may be important for the patient’s health. There are also formidable legal difficulties with institutions sharing data about patients. Patients, by contrast, can quickly and usefully consent for data sharing if they are in control.”
In her blog, Tessa Richards recommends the latest report from the Patients Information Forum for its description of current models of personal health records, ranging from “read only e-access,” via “real time unfiltered, read, and annotate,” to “full fusion of personal health information” (http://bit.ly/NDOjHJ).
But there’s a worm in the bud. The return of Julian Assange to public prominence, and the steady drip feed of arrests of journalists from News International, reminds us of an uncomfortable truth: nothing in digital format can be kept truly safe from prying eyes (doi:10.1136/bmj.c5190).
So as we accept the inevitable shift to electronic patient records, with patients ever more in control, we need to insist that records include clear audit trails showing who has accessed them, when, and why. (And that spooky government agencies aren’t given a free pass.)
Cite this as: BMJ 2012;345:e5678