Do summary care records have the potential to do more harm than good? Yes
BMJ 2010; 340 doi: https://doi.org/10.1136/bmj.c3020 (Published 16 June 2010) Cite this as: BMJ 2010;340:c3020
All rapid responses
Rapid responses are electronic comments to the editor. They enable our users to debate issues raised in articles published on bmj.com. A rapid response is first posted online. If you need the URL (web address) of an individual response, simply click on the response headline and copy the URL from the browser window. A proportion of responses will, after editing, be published online and in the print journal as letters, which are indexed in PubMed. Rapid responses are not indexed in PubMed and they are not journal articles. The BMJ reserves the right to remove responses which are being wilfully misrepresented as published articles or when it is brought to our attention that a response spreads misinformation.
From March 2022, the word limit for rapid responses will be 600 words not including references and author details. We will no longer post responses that exceed this limit.
The word limit for letters selected from posted responses remains 300 words.
The purpose of the SCR is to provide clinical information to support
patient care. A priority is to support unscheduled care. However, subject
to the patient consent, the SCR could contribute to improved patient care
in a wide variety of clinical settings. As a GP, I can deal with a patient
much more efficiently and safely if I have access to medical records. Even
basic information such as medication and allergies is helpful but, as
additional information becomes available e.g. hospital discharge
summaries, the value of SCR will be enhanced.
The SCR is a collection of clinical documents from different sources
although only the GP summary document is currently available. Each of
these documents remains the responsibility of the originator. None of
these documents is created in the SCR, so the issue of responsibility for
the SCR is a non-issue – responsibility for the component parts rests with
the originators. However patients do have significant control over their
SCR. They can have direct or indirect access to their SCR. They should be
involved in decisions about any additional information added by the GP
practice. They will be able to request that individual documents are put
in a sealed envelope so that only certain clinicians can access them with
specific consent. Finally if they are unhappy about any of the above they
can simply opt out of having a SCR.
Although the initial medication and allergy upload is regulated by an
opt-out process, explicit consent is required to actually access the SCR.
Control of access to the record has been criticised as being overly
complex. The UCL report cited this as one reason why the SCR was not
accessed more frequently. This is clearly an area worthy of attention but
it must be noted the problem was not that records were too readily
available – quite the reverse.
100% data quality is unachievable so inaccuracies in the SCR will
arise. The recent UCL report showed that clinicians use the SCR as well as
information gained directly from the patient. The UCL team could not find
any instances where a patient had come to harm from an inaccuracy in the
SCR. However the SCR does provide greater opportunities for inaccuracies
to be identified particularly if the patient accesses their own records.
The Finnish case does highlight the potential for loss of
confidentiality from abuse of electronic patient record systems.
Unfortunately all hospital systems in England could potentially be abused
in a similar way. However, the much higher level of security and
confidentiality controls in place for SCR along with the patient’s control
over SCR make it much less likely that the SCR would be the source of
leaked information in such a case.
The SCR represents a balance between availability and the security of
information which can no doubt be improved in the light of experience.
Hopefully such a potentially useful tool will be given the opportunity to
develop and to deliver similar benefits to those achieved in Scotland by
the Emergency Care Record.
Competing interests:
None declared
Competing interests: No competing interests
Prof Kitzinger's response adds to the 'legal worries' expressed by Ross Anderson.Non-inclusion of Advance Decisions in SCR is surely a serious issue and cannot be compatible, among other things, with a patient's rights per Mental Capacity Act 2005. So what's next?
Competing interests:
None declared
Competing interests: No competing interests
Three cheers for Prof Kitzinger.
It is odd that our professional organisations have not pointed out
the immorality of the patients being press-ganged in to the system if they
do not individually object to it. Her Majesty's Govt gives you a fortnight
to object. If you are, say, out of the country, your consent is assumed.
So much for the patient being in control. As far as I can recall, the
Parliament did NOT specifically legislate for this kind of record
collection. It will be, of course, a treasure trove for statisticians
(medical and non-medical). The journals will be flooded with papers.
Epidemiology and patients' rights are, in this case, incompatible.
JK ANAND (retired doctor).
Competing interests:
I have refused (in writing) to swallow this pill
Competing interests: No competing interests
The summary care record was, as Ross Anderson says, marketed to the
public as a way for A&E staff to check up on unconscious patients.
Envisaging such a scenario, the most important information I would want
staff to have is that contained in my Advance Decision, drawn up in
accordance with the Mental Capacity Act 2005, signed by witnesses and
lodged with my GP. It specifies the conditions under which I refuse CPR,
ventilation and other forms of life-preserving treatment.
Since the information leaflet about summary care records did not
mention Advance Decisions (which seemed an extraordinary omission), I
sought out more information about how they would facilitate A&E staff
access to them. The website referred to in the leaflet
(htpp://www.nhscarerecords.nhs.uk/faqs) has nothing on either Advance
Decisions (ADs) or Lasting Power of Attorney (LAPs). A phone call to the
NHS Care Records Service Information Line (0845 6038510) led to a
conversation in which the call-taker asked me "What is an Advance
Decision?" and - when I explained - advised me (wrongly) that as long as
my family knew what treatments I wished to refuse, all would be well.
Finally I wrote to the Chair of my PCT (East Riding of Yorkshire) and
received a response stating that Advance Decisions are not amongst the
"core information" initially included in summary care records. Apparently
only "medication, allergies and severe reactions" are to be included in
summary care records in the first stage. Advance Decisions are part of
subsequent possible "enrichment" programme. I was also horrified to read
that "The PCT does not provide training to its staff on ADs and LPAs"
(letter from Karen Knapton, 12 July 2010).
If the summary care record is of any practical use at all, it should
offer health care staff the opportunity to gain quick and efficient access
not only to information about patient medication and allergies but also
about our advance refusals of medical treatment in circumstances - such as
unconsciousness - in which we are unable to communicate these ourselves.
This opportunity has been missed and those of us who have Advance
Decisions are left feeling anxious and dismayed that summary care records
may make available just enough clinical information to keep us alive
against our wishes.
I have of course withheld permission for my own clinical data to be
transferred to a summary care record. The broader issue is the apparent
lack of awareness about patients' right to make advance refusals of
medical treatment, and the national implementation of a system of summary
care records designed in such a way as to ignore and override that right.
Competing interests:
None declared
Competing interests: No competing interests
Prof Anderson's revelation that "CfH mailshot did not set out the issues clearly and did not include an opt-out form for patients to return" is indeed worrying. This suggests, the legal issues involved are far wider than security issues considered in I v Finland as there seems to be an attempt to circumvent the principle of informed choice and consent. Hope public-interest groups/organisations would take note of this increasingly important issue.
Competing interests:
None declared
Competing interests: No competing interests
The legal argument has been dealt with by Professor Korff, but it
cannot be considered apart from the technology. It is not possible for a
record available to 850,000 people to "exclude any possibility of
unauthorised access" as the law requires, and it is sophistry for SCR
advocates to argue that each of these 850,000 users is "authorised"
because they have an NHS smartcard. Even if you accept the current
"consent-to-view" model, access is only authorised if the patient has
given consent. Cardholders without patient consent are unauthorised, and
the system must prevent them from getting access, rather than merely
relying on their good behaviour. Furthermore, the Greenhalgh report tells
how as a practical matter consent is often not sought in a busy A&E
department; the patient is not seen by one clinician but by many, often in
very short encounters.
The fact that privacy does not scale is the fundamental problem here,
and one about which advocates of national-scale electronic patient records
appear to be in denial. You may be able to trust the two dozen people who
work for a general practice to behave appropriately but this consent model
cannot scale to almost a million people in the NHS. The "consent-to-view"
model is unserviceable, national-scale records will need a rather
different architecture.
It is also not true that most people accept the concept of national
electronic records to which large numbers of people have access. Repeated
studies of patient opinion since the debate over electronic medical
records began in the mid-1990s (e.g., [1], [2]) have confirmed that
patients are almost all willing to share records with clinicians involved
directly in their care; mostly willing to share records for research if
they're asked - and unwilling if they are not; but are generally unwilling
to share their records for wider purposes. That only 1% or so have opted
out is unsurprising; only a good mailshot achieves a better response than
this. The CfH mailshot did not set out the issues clearly and did not
include an opt-out form for patients to return. It was clearly designed to
minimise the response rather than maximise it.
Finally, freedom of information requests to the Department have
uncovered minutes of the National Clinical Reference Panel [3] which
disclose the intention to add PACS imaging history, A&E discharges and
even ambulance messages to the SCR. The view appears to be that the SCR
will become the long-awaited EPR, which in time will accumulate almost
everything. This will greatly exacerbate the safety and governance issues
I discussed in my article.
[1] Clinical Systems Security--Implementing the BMA Policy and
Guidelines", A Hassey, M Wells, in "Personal Medical Information--
Security, Engineering and Ethics",
Springer (1997)
[2] "Public Perspectives on the Governance of Biomedical Research: A
qualitative study in a deliberative context", V Armstrong et al., Wellcome
Trust (2006), at
http://www.wellcome.ac.uk/assets/wtx038443.pdf
[3]
http://www.connectingforhealth.nhs.uk/systemsandservices/scr/staff/advis...
Competing interests:
None declared
Competing interests: No competing interests
Professor Korff is without doubt a worthy lawyer, but he
seems to miss the point of my contention with Professor Ross
Anderson about this case.
My point was that the judgement was about a failure of
system security controls so that 'I' was unable to prove
that her record had been inappropriately accessed and so
gain the compensation that would have been due to her in the
courts in Finland. This appears to be supported by
Professor Korff's discussion in his Rapid Response, rather
than the reverse.
I cannot see anything in the judgement that argued that the
health record was de facto improper or unlawful in any way,
only that, in this instance, it was not properly secured
against inappropriate access. There was no assertion of a
'right' to limit the use of the record, which is what
Professor Anderson suggested and that I contended.
I would also like to add that in no way did I wish to impugn
Professor Anderson because 'he is not a lawyer'. For one
this would be self-defeating, as I too am not a 'lawyer',
though have been involved extensively in this area for the
last ten years (though Professor Anderson pre-dates me there
as well). I believe Professor Anderson to be as capable of
reading English and applying logical deduction as myself or
Professor Korff. I would like to apologise to Professor
Anderson if he felt slighted. I merely meant that in this
and the Database State report, I felt that he had drawn the
wrong conclusions about the legal position. He will
doubtless feel the reverse.
In any event, my core argument was not about the fine points
of I vs Finland, but about what are the real benefits and
drawbacks of the Summary Care Record - or any other EHRs for
that matter. The Article 29 Data Protection Working Party,
who are generally all lawyers or data protection regulators,
in their Working Paper (WP131) on EHRs seemed to come out
with the view that EHRs were such a good thing that consent
was not possible. There I would welcome Professor Korff's
assistance 'as a lawyer' to explain why you cannot consent
to something that is good for you.
I must thank Dr. Bhatia for correcting me. It was a poor
phrasing on my part - I had meant 'recent treatments or
adverse reactions', so that MedicAlert bracelets will tend
to show ongoing or chronic issues, rather than more recent
unanticipated aspects. The fact that the patient has only
just shown an adverse reaction to a prescription they have
recently started would probably not be known on the
MedicAlert bracelet, which would not normally include recent
prescriptions, except if they were known to be high-risk.
The SCR is expected to hold such information about the drugs
being taken, so that a clinician or pharmacist could spot
some possible drug-drug interaction or know why a possible
adverse reaction had appeared. I would note that there is
no evidence as yet as to how up-to-date the SCR will itself
be, but I have presumed, possibly incorrectly, that it
should be within a few hours rather than days.
I did not understand Dr. Bhatia's second point about needing
a test case. Was the issue about the legality of having an
SCR or the workability of having one at all? Or was it
rather about opt-in vs. opt-out, which is not really about
the question of security raised in I vs Finland, though
clearly the risk/benefit analysis would affect whether you
should have opt-in or opt-out as I have argued in other BMJ
articles. I hope he is not arguing that we cannot have an
SCR (or any EHR) unless it is 100% secure - that would be
like suggesting we don't use doctors unless they are 100%
perfect.
Competing interests:
None declared
Competing interests: No competing interests
I disagree with Peter Singleton and agree with Ross Anderson about
the implications of the I. v. Finland judgment of the European Court of
Human Rights. Mr Singleton dismisses Ross Anderson's views because Ross
is not a lawyer. That may be true, but Ross, not Mr Singleton, is right
about the case. I am a lawyer, with considerable experience both at the
European Court of Human Rights and as a data protection expert.
Briefly, I. v. Finland (ECtHR Judgment of 17 July 2008, Application
No. 20511/03) was about alleged access by unauthorised hospital staff to
the medical records of the applicant, who was herself a nurse, and who had
been found to be HIV positive. In spite of rules supposed to protect the
confidentiality of her medical data, and of this diagnosis in particular,
her information does appear to have been improperly accessed by colleagues
at the hospital where she worked and who were not involved in her clinical
care (there was an issue in the Strasbourg proceedings about the onus of
proof in this respect, but that is irrelevant here - contrary to what Mr
Singleton says, it was not the central issue).
Specifically, the European Court of Human Rights upheld the
applicant’s argument that her medical data were not adequately secured
against unauthorised access at the material time. (para. 46)
The crucial passage in the ruling is the Court’s dictum that:
“the mere fact that the domestic legislation provided the applicant
with an opportunity to claim compensation for damages caused by an alleged
unlawful disclosure of personal data was not sufficient to protect her
private life. **What is required in this connection is practical and
effective protection to exclude any possibility of unauthorised access
occurring in the first place.** Such protection was not given here.”
(para. 47, emphasis by means of ** added)
The respondent State (Finland) had “failed in its positive obligation
under Article 8 § 1 of the Convention to ensure respect for the
applicant’s private life.” (para. 48) There had therefore been a
violation of Article 8 of the Convention. (para. 49).
As Professor Anderson has made clear, the SCR system as currently
being implemented is incapable of complying with the above ECHR standards
and thus, because the Convention is now part of UK domestic law, unlawful.
I fully endorse that conclusion.
Douwe Korff
Professor of International Law
London Metropolitan University
Competing interests:
I am a member of the FIPR Advisory Council and have advised the FIPR team that drafted the Database State report on the law.
Competing interests: No competing interests
As far as I know, a UK court has not even considered the lawfulness of Summary Care Records('SCR') but Anderson concludes that " with the additional data being added, it is now clearly unlawful" [1].In conlcluding so, it appears he relies heavily on the ECHR case of I v Finland [2]. However,although it is correct that I was awarded compensation,the ECHR did not make a "finding" that "we have a right to restrict our personal health information to the clinicians involved directly in our care" [1]. In fact, the ECHR considered the case on the basis that there "was a failure on the part of the hospital to guarantee the security of her data against unauthorised access, or, in Convention terms, a breach of the State’s positive obligation to secure respect for her private life by means of a system of data protection rules and safeguards" [2](para.37).
If Anderson believes that SCR have "serious legal problems" [1],then one legal remedy would be to initiate judicial review proceedings. Given it is an issue of public policy, it is likely that a Court would be inclined to grant a protective costs order(PCO) too, based on the principles set out in Corner House Research v The SoS for Trade and Industry [2005] EWCA Civ 192 [3]. Seeking an injunction to restrain the implementation of SCR would be another legal option, should the authorities fail to address the concerns raised by Anderson and many others.
References
[1]Ross Anderson.
Do summary care records have the potential to do more harm than good? Yes
BMJ 2010; 340: c3020
[2]http://www.bailii.org/eu/cases/ECHR/2008/623.html
[3]http://www.bailii.org/ew/cases/EWCA/Civ/2005/192.html
Competing interests:
None declared
Competing interests: No competing interests
Re: SCR - a GP view
Dr Nicholas mentions the advantages he perceives in having access to
patient records.
Might I suggest that sometimes looking at the patient with fresh eyes
and an open mind (uninfluenced by previous records) could lead to a
different diagnosis, a different line of treatment? And as a result, the
patient might even be happier and be better cared for? I refrain from
using the professionally popular phrase "patient management" which is as
unpleasant as "patient compliance". Certainly the patients will often
need longer than whatever the current allocation of average "consultation
time" per patient might be dictated from on high.
But enough of these heresies.
JK Anand
Competing interests:
None declared
Competing interests: No competing interests