19 September 2008
NHS Connecting for Health, the body that provides the health service with computer systems for storing patient information, has launched a consultation on the wider use of patient data.
The 12-week exercise, run by Tribal Consultancy, is aimed at gathering views from the public, patients, NHS staff and other professional bodies on the use of patient data for purposes such as clinical research and planning care and spending.
The launch follows the latest data loss scandal, with the revelation this week that four computer disks containing the personal details of almost 18,000 NHS staff have gone missing. Whittington Hospital NHS Trust in North London said the disks disappeared after being placed in a post tray in July.
Connecting for Health chief clinical officer Michael Thick said the people running the project were mindful of the need for data security. 'We're well aware that large organisations have a habit of leaking data at the moment and clearly, that is going to have an impact on the public's and patients' view of how the NHS is looking after them,' he said.
He added that safeguards built into the NHS information network, which restrict access to staff with a direct relationship with the patient concerned and require login and password details, minimise the risk of data loss even when information is being sent to third parties. 'The bottom line is that it has to be encrypted so that even if it falls into the wrong hands, they won't be able to read it.'
There will also be safeguards to protect patient confidentiality, CfH officials said. One option is the use of linked anonymised information, where a patient's personal details are replaced with a code, enabling records to be linked across the NHS without identifying them.
Another idea – which would require parliamentary legislation – is the creation of an 'information custodian' to oversee the use of patient information. By law, patient consent must be obtained for disclosure of data that identifies them, but there is no requirement for permission to share unidentifiable information.
The Data Protection Act allows patients to opt out if they are 'distressed' by the uses to which their data may be put.
PFsep2008
