Care.data, the now defunct NHS patient data sharing scheme, casts a long shadow.
Even when not acknowledged, the fears that the scheme fostered, that the NHS was using, perhaps even selling, our medical data without our say-so, persists.
That fear erupted again this month, as reports emerged that the Information Commissioner’s Officer has raised “data protection compliance concerns” about TPP’s SystmOne.
SystmOne is the second most popular GP electronic record, used by 2700 practices and holding the record of millions of patients. It’s important that the information held is secure.
The ICO hasn’t expand much on the nature of these concerns. They relate to the system’s “data sharing function” and whether it holds patient data securely and processes it in a “fair and lawful” way.
Everything else is hotly contested.
Media reports have claimed that the sharing function allows “thousands of strangers” to look at your medical records, providing they have a log-in to TPP.
The “breach” was described as “truly devastating” by MedConfidential and “serious issues with potentially huge implications” by GP IT leader Dr Paul Cundy.
But TPP is adamant that it is all much ado about nothing.
The company points out that sharing has been turned on since 2012, and was rolled out with the full blessing of Connecting for Health, and input from the BMA and RCP.
Except in the case of emergencies, patients must give consent for their records to be viewed and, if records are viewed inappropriately, there is a full audit trial to catch the culprit.
So far there had been not one patient complaint about the system, the company says. Oh, and lives have been saved.
The truth is probably somewhere in between.
NHS leaders, to neutralise the concerns about a care.data like scheme, is moving to a more regional patient data sharing model. TPP’s sharing function is nationwide and proudly so.
Likewise, there is a move towards building an architecture for data sharing where it’s not technically possible to see or change a patient’s data without the right permissions (often supported by excitable slides about blockchains and distributed ledgers).
Like many other data sharing schemes, TPP relies instead on information governance and monitoring to make sure the right people look at the right file.
The question now becomes whether that’s enough.
The company could, with some legitimacy, argue that regulatory goal posts have been shifted. That its set-up was good enough in 2012, and nothing has gone wrong since (and did we mention the lives saved?).
Certainly, even critics of the scheme are not advising GPs to turn off the sharing function. It really does save lives.
However, TPP’s position ignores the heightened sensitivity to the handling of patient data since the care.data fiasco.
The public’s trust in the NHS, and by extension its IT systems, as reliable custodian of their health data had been eroded.
Everyone had a part to play in restoring it.