Clarification on patients’ rights to opt out of having personal information recorded under the NHS Care Records Service (NCRS) will be sought by the Information Commissioner (IC) in the very near future, according to a letter from the commissioner’s office.
The letter, sent to Dr Paul Thornton, a Warwickshire GP with a special interest in privacy issues, came from a senior official in the IC’s office, Dave Evans. He wrote: “I can confirm this office is involved in ongoing high level discussions with those involved in the implementation of this system.
“While I cannot go into any detail about the subject of the discussion at this stage, I can assure you that any concerns we raise will be taken seriously.”
Dr Thornton wrote to the commissioner – the official responsible for regulating the Data Protection Act – after a debate in the Commons in which health minister, Caroline Flint, gave an assurance that patients would not be obliged to have their information stored on the ‘Spine’
He told the IC: “It is not clear from the Minister’s contribution whether the Department of Health has conceded that the patient’s ability to opt out of the national database exists as a right in law, or whether this is simply being provided as a voluntary concession. I would be grateful if you would confirm that there is a right to opt out of data processing on the proposed National NHS Database.
“Whether or not this opt out exists as of right, there remains no indication that patients will be informed of this option by an amendment to the National Care Records Guarantee, or the promotional material derived from it. I would be grateful if you would confirm that unless patients are fully informed of the arrangements for processing their data, and thus the ‘opt out’, the Fair Processing requirements of the Data Protection Act will not be met.”
Evans, responding for the IC, replied: “It is our understanding that any patient who decides to ‘opt out’ will be able to do so – once this decision has been relayed to the relevant health professional, that patient’s record will only be available to those responsible for producing it.
“Clearly this right to object has to be an inherent part of a National Care Records system as without a viable opt out, any consent inferred by those using the system is unlikely to be considered valid.”
He continues: “Where the processing of personal data is likely to cause damage or distress, a patient would have the right to require that the health professional acting as a data controller ceases or does not begin processing those data.
“The Information Commissioner intends to seek clarification on the opt-out and how it will function in the very near future.”
Dr Thornton told E-Health Insider: "I think it’s good news because it showed that the Information Commissioner’s office was looking critically at the proposals and that they still had substantial doubts about the proposals."
He fears, however, that the opt-out proposed by Connecting for Health, the agency responsible for the Care Record Guarantee and the design of the NCRS, means that if patients ‘opt out’ their information will be hidden from view rather than not being written to the database at all.
Dr Thornton said that for the fair processing requirements of the Data Protection Act patients must be informed of their right to opt out.
"The NHS Care Record Guarantee does not contain that advice to patients,” said Dr Thornton who believes the IC’s input will lead to the Care Record Guarantee being "radically reviewed".
Links
Dr Thornton’s letter to the IC
Information Commissioner’s Office response