Privacy GP calls records opt out pledge a ‘decoy’

  • 13 March 2007

A GP who has campaigned for patients to secure an opt-out from the NHS Care Records Service (NCRS) is claiming that current plans will still put confidential patient information at risk.

Dr Paul Thornton has written a 12 page report which claims the government’s pledge of an opt out right from the Summary Care Record is a “decoy” that will falsely reassure patients that data held on other aspects of the NCRS is safe.

Dr Thornton has sent his report, The NHS Database: Lord Warner’s opt-out decoy to the British Medical Association, the Royal College of General Practitioners, the Information Commissioner and the Department of Health’s own confidentiality watch dog, the Patient Information Advisory Group.

In the report Dr Thornton claims the well publicised promise by former health minister Lord Warner in December that patients will be able to prevent data being written to the SCR does not go far enough. He claims full patient records will still be vulnerable because of plans to hold Detailed Care Records on remote servers.

The report states that patient information will be accessible to all NHS staff who work in the same unit as the professional to whom confidential information has been divulged which may be as small as a single GP practice or as large as an NHS Trust covering two or three District General Hospitals. The report claims Detailed Care Records could be held on as few as two or three databases in each local service provider cluster.

The report adds: “Some restrictions might be placed on who is “allowed” to access the records but this is substantially exceeded by a recognition of the numbers who are “able” to access the records. The biggest security risk to any large database arises from illegitimate use by staff with at least some degree of legitimate access.”

Dr Thornton told EHI Primary Care: “There will be an opt-out from the Summary care records but you will still have to have a Detailed Care Record which will all be held on remote servers.”

Dr Gillian Braunold, joint GP clinical lead for Connecting for Health, said the distinction between the SCR and Detailed Care Records was that the SCR was a new database so patients could stop their information being written to it while Detailed Care Records would be held on existing systems. She added: “With Detailed Care Records you do have the right for that information not to be shared and to be partitioned to the organisation that created it.”

Dr Thornton’s report questions the obligation on clinicians to keep Detailed Care Records on remote servers.

It adds: “As a worst case option clinicians can keep information on paper records. As a better option, properly functioning and genuinely secure local databases would be preferable to paper in respect of care and more acceptable than the CfH proposals to patients in respect of privacy.”

Dr Thornton, a member of The Big Opt Out confidentiality campaign, is calling for the promise of an opt-out right from the entire national database to be included in the NHS Care Record Guarantee.

Dr Braunold told EHI Primary Care that the Care Record Guarantee was subject to revision every six months and that she expected the opt-out agreement for the SCR to be included in the next version.

Dr Thornton’s report also criticises the government’s plans to hold data on the Secondary Uses Service which it claims will in some cases mean data is provided to users in a fully identifiable form and in other cases as pseudo-anonymised data which can be tracked back to its original fully identified structure.

The report adds: “Proposals to supply wholly anonymised and aggregated patient information, which would be suitable for the majority of essential NHS business functions seem to have been dropped.”

Useful documents

The NHS Database: Lord Warner’s opt-out decoy

Related stories

Patients to be able to veto spine uploads

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's edition includes GOSH using AI to help identify Parkinson's Disease and a look at the challenges of evaluating digital health tech.
NHS data centres now fully decommissioned following Spine move to cloud

NHS data centres now fully decommissioned following Spine move to cloud

NHS England have confirmed that all data centres have now been decommissioned following the successful move of NHS Spine to the cloud earlier this year.
Somerset NHS FT contacts patients about data breach

Somerset NHS FT contacts patients about data breach

Patients at Musgrove Park Hospital are being contacted by Somerset NHS Foundation Trust after it was revealed a staff member inappropriately accessed data.