
Data Protection in General Practice

GP patient records are no longer kept on practice-based servers, and whilst the original records folders are still held locally, they are rarely referred to and their future is in doubt. But even though records by law have to be kept for a specific time, the use of computer records means paper copies, like clinical letters, are destroyed after six months. With no guarantee of letters being scanned into the right patient’s notes, this leaves little chance of correcting errors. Here we discuss other worries which surround data kept on a central server.

Why does the Department of Health want to make patient data more accessible and what are the consequences?

Having a central NHS record system is in theory a good idea, but who owns the records when data is scattered around different remote servers? Formerly GP practices held data on their own servers and paper records were owned by the Secretary of State, so ownership and accessibility were clear. But now it’s unclear whether records are owned by data controllers or users. Does anyone in a GP practice control access? Are passwords and smart cards monitored and changed regularly, and by whom? Making records more widely accessible leaves the system wide open to abuse if just anyone is allowed access to peruse or alter patient data at will!

It is useful for a clinician to be able to look up your notes when you visit a surgery which is not your usual one, and for a new GP to have your records electronically transferred almost immediately. But can we be sure that any new doctor will summarize a patient’s notes accurately? The use of free text instead of codes makes the data unusable for health needs assessments or NHS claims, but the Data Extraction Service enables payments to be made under the Quality Outcomes Framework despite no patient consent.

Are the data security measures in primary care tight enough?

Even with the use of a personal smart card, the security of data is only as good as the computer user and only as long as they are at their desk. Here is my solution:

  • Timed usage. Passwords to be refreshed if a keyboard is not touched for, say, 10 minutes.
  • Users cannot change this timed period.
  • Medical records written up only at the time of a consultation to avoid mistakes or omissions, with a software embargo on writing notes after the event.
  • It should be standard practice for a patient to be able to see a doctor’s computer screen during a consultation.
  • Sensitive information about a patient’s health and care should only be shared by those directly involved in treatment.
  • Patient data should be encrypted and properly anonymised.
  • Access for insurance or medical negligence claims should be restricted to the incident details only, not the entire record.

Patients need to understand what data sharing means

Patients need to be aware of what consents have been given in respect of access to their records. They may consent to sharing between NHS sites, hospitals and GP practices, for example, but may not realise the NHS may have allowed anonymous access to data without patient consent.

In some GP practices access to medical records is permitted online and there is currently a debate concerning whether children should see their own records. If a child over 12 is of sufficient competence and understanding about their health care there appears to be no reason why access should be denied, but then should a parent or guardian have access without the child’s consent?

In conclusion, patients may not be aware of their rights of access or of who is looking at their records. When it comes to data protection in general practice there are many issues which need to be looked at, not least the legal consequences for any data users and questions over the legal ownership of data.


Robert Campbell

Former GP Practice Manager with over 25 years' experience working in Upton, near Pontefract, Seacroft in Leeds, Tingley in Wakefield, Heckmondwike and more recently Cleckheaton, West Yorkshire. www.gpsurgerymanager.co.uk
