Yet again, the Government’s response to Caldicott 3 ignores the problem of accountants receiving masses of identifiable patient information in order to pay some invoices.
A CCG receiving an invoice needs to answer four questions:
- Is this a patient we pay for?
- Was this care provided to this patient?
- Have we already paid for that care?
- Has someone else already paid for that care?
The current system ignores question number 4.
As a result of question 2, CCGs expect to get copies of all records on all patients – taking on the burden of keeping them safe – just so that they can check anything they may wish to. The inherent dangers in this are clear. Doing it requires a perpetual ‘temporary’ exception that is only lawful if “necessary or expedient”, and it is unclear whether GDPR will end this in 2018.
All 4 questions, for any particular invoice, are quite straightforward to answer. Given an invoice, the category, and some form of patient identifier, does the data show that there are (some form of) medical records for that treatment, and are those records marked as having been paid by a previous invoice?
Each of the 4 questions needs only a yes or no answer – an answer that won’t reveal any of the contents of the medical records to the accountant doing the check.
The CCG’s accounting needs only the data that is on the invoice (question 2). And even that can be minimised, over time, using the pseudonym system that the Government’s response to Caldicott 3 requires NHS Digital to create for internal use.
While ‘the system’ knows who the patients are, accountants handling bills don’t have to. For corner cases – where there is a question or query – NHS England can adjudicate, based on a “necessary” rather than “expedient” existing process. This also means that any systemic failures or fraud perpetrated against a number of CCGs would be immediately visible, and could then be investigated at a national level. Against one CCG might be a mistake; against many looks criminal.
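A sketch of the yes/no check described above, added here as an illustration; it is not code from NHS England, NHS Digital or any CCG. The class and field names, the HMAC-based pseudonym and the use of (patient, category) as the key for one piece of care are all assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: held centrally, never by a CCG

def pseudonym(patient_id: str) -> str:
    # Keyed pseudonym (HMAC-SHA256), a stand-in for the central pseudonym scheme.
    return hmac.new(PSEUDONYM_KEY, patient_id.encode(), hashlib.sha256).hexdigest()[:16]

@dataclass(frozen=True)
class Invoice:
    invoice_id: str
    ccg: str        # CCG that received the bill
    patient: str    # pseudonym only, never a name or NHS number
    category: str   # category of care being billed

class ReconciliationService:
    """Runs centrally; holds the record index and answers only yes or no."""
    def __init__(self, responsible_ccg, care_index):
        self._responsible = responsible_ccg  # pseudonym -> CCG that pays
        self._care = care_index              # {(pseudonym, category)} with records
        self._paid = {}                      # (pseudonym, category) -> CCG that paid
        self.referrals = set()               # invoice ids for national adjudication

    def _answers(self, inv):
        key = (inv.patient, inv.category)
        payer = self._paid.get(key)
        return {
            "our_patient": self._responsible.get(inv.patient) == inv.ccg,
            "care_provided": key in self._care,
            "already_paid_by_us": payer == inv.ccg,
            "already_paid_by_other": payer is not None and payer != inv.ccg,
        }

    def check(self, inv):
        answers = self._answers(inv)  # four booleans; record contents never leave
        if answers["already_paid_by_other"]:
            self.referrals.add(inv.invoice_id)  # repeat billing is visible nationally
        return answers

    def record_payment(self, inv):
        a = self._answers(inv)
        ok = a["our_patient"] and a["care_provided"] and (inv.patient, inv.category) not in self._paid
        if ok:
            self._paid[(inv.patient, inv.category)] = inv.ccg
        return ok

P1 = pseudonym("constructed-patient-001")  # constructed sample data, not a real patient
SERVICE = ReconciliationService({P1: "CCG-A"}, {(P1, "outpatient")})
```

The accountant's side sees only the four booleans for each invoice; an invoice for care that another CCG has already paid for lands in `referrals` instead of prompting anyone to open a record.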
Even HMRC understands that giving its staff access to the (tax) records of their neighbours will end badly in the public view. Yet NHS England believes the current invoice reconciliation system should continue.
In its reading of Caldicott 3, NHS England would rather remain part of the problem than become part of the solution. Its officials’ flawed obsession with a Data Lake means they cannot politically support anything that doesn’t involve more copying of data.
Whether that approach meets the lawful test of expediency, and GDPR, remains to be seen.