Scorecard: A List of Loopholes and Unpleasant Surprises (in England)

As a patient, can you know how your medical records are used, and whether they are all consensual, safe, and transparent?

This is the current and proposed state today: (mid-September 2017 – following the Government’s response to Caldicott 3)

 

Consensual

Safe

Transparent

GPs – Direct Care

✔︎

✔︎

✔︎

GPs – local CCGs / councils

✔︎

Varies by recipient

Depends on GP

GPs – research copies

✔︎

Unknown

Hospital – Direct Care

✔︎

✔︎

✔︎

Hospital – local sharing

By 2020

Varies by recipient

By 2020?

NHS Digital: SCR controls

✔︎

✔︎

In 2018

NHS Digital: Safe Setting

✔︎

✔︎

✔︎

NHS Digital: Sale of hospital records

✘ (opt outs ignored)

Partial: now;
More: late 2017;

Full: Late 2018.

NHS Digital: Commercial reuse of hospital records

✘ (opt outs ignored)

NHS England: CSUs / councils / national

Variable

Unlikely

DH family:

PHE disease registries

✘ (no fair processing)

✘ (misleads patients)

(proposed as a postcode lottery)

CPRD @ MHRA

✔︎ (Type 1)

Partial (unknown: will it be included in the NHS lists?)

Genomics England

✔︎

✔︎

✔︎

Chief Medical Officer 2017 Annual Report plan for Cancer care ✔︎ ✔︎ ✔︎

Any one individual institution or organisation may still fall short in practice in any particular instance. This scorecard covers what their current rules intend to be the case. medConfidential believes it is possible for every trustworthy organisation to meet the requirements of consensual, safe, and transparent.

The scorecard above relates to patients’ data within a boundary we define as being under NHS data controllership, which includes data processed under an NHS contract. This may exclude apps to which you provide data which were “signposted” by the NHS. For such apps, we have a page covering The questions you should ask about apps (coming soon).

What the NHS terms “Risk Stratification” – such as the calling for screening of people with particular characteristics, can be done in a number of ways. The scorecard considers such activities as a function of where the decisions are taken – consensual and transparent risk stratification requires different types of decisions to be made at different levels (the CCG may choose the characteristics of whom should be called, but the GP should select their patients which meet those characteristics) – the transparency and accountability of such a model sometimes works against the narrower interests of some local decision makers who do not wish to make a clear decision on the best evidence.

medConfidential strongly believes that there should be a single consent choice for patients – one tick box covering all secondary uses. However, consensual is any legal basis for consent, not just dissent – which includes exceptions provided for by Parliament (such as in the case of a public health emergency).

The test of ‘safe’: Can you find a record and medical history based on reasonably known information (available to neighbours, or from an article in a newspaper), and then cover it up? It is insufficient for the public to be expected to keep their children’s ages and date of birth secret from their friends classmates, and ex-husbands. The only safe way to handle patient-level data for secondary uses is in an auditable Safe Setting, or by providing statistical outputs only.

Public Health England: PHE refuses to consider effective patient dissent, and there is no fair processing, so at least some of its data processing cannot be lawful under the Data Protection Act. GDPR will make this worse. Additionally, due to the conflation of direct care and secondary uses, the current data model for, e.g. the Cancer Registry, cannot deliver a true Caldicott Consent Choice to patients without a fundamental redesign that takes into account the law as it will be (or just the law as it was when the current registry was built).