I’m not sure this article is going to win me many friends, but here goes. There seems to be a huge rush towards setting up data repositories, and I’m really not sure I agree with them.

Locally there is the Cheshire Care Record (CCR). I’ve seen news stories about a similar system in Leeds and I went to a talk about one in Bristol – the speaker there mentioned he knew of others all over the country.

I have multiple problems with the Cheshire Care Record and data repositories in general. It’s not that I don’t understand where the drive for them has come from. Cheshire isn’t one just area. We are at least three, if not six, if you consider our neighbours. We all refer into different hospitals and the geography is huge.

Re-treading ground

Locally we had already set up the ability for A&E, urgent care and outpatients to see the GP record. The evidence was they hardly every used it, and not because it was too difficult to do so. Locally, we are an EMIS Web economy so our community staff and our GPs can already share records, send each other tasks, and book appointments.

Now there is an issue that this hasn’t been set up right and the data sharing agreements are in a mess and variable, but even a small part of the resource that’s gone into the CCR could have sorted this.

I do wonder if this project thing is a job for the boys (and girls). Commissioning Support Units are getting rid of people; clinical commissioning groups aren’t exactly hiring loads. Having each area run a massive project keeps a few people in a job, and calling a project ‘big’ helps make it look good on the CV.

What about the Summary Care Record?

Of course, the laudable aim of these schemes is to create a whole health economy-wide data repository that anyone from primary, community, secondary or social care can access if they need to. Whenever I’ve been to presentations about them, the team gives examples of ill patients in A&E and the heroic doctors needing to know if they have a penicillin allergy or are on chemo drugs. But locally most of that was doable anyway.

What’s worse is, given we are on the border of Cheshire, some of our patients will attend an A&E that isn’t in the CCR anyway.  What happens beyond the boundaries?

Amazingly, there is an alternative that appears to have been overlooked. It’s called the Summary Care Record (SCR). There is even an extension to it, called Additional information. This is national – has Royal College of General Practitioners’ approval, contains all the data one might need in an emergency, and has a load of rich features on sharing more than the standard data but not sharing everything.

One of the biggest clinical drivers I have ever heard was from a consultant psychiatrist who was dealing with severely mentally ill patients. She bemoaned her inability to see patients’ live prescribing data or see what they were on or at what dose. She felt she was being asked to make risk judgements that could kill the patient – and perhaps her career – on the basis of incomplete data.

I told her that information is in the SCR already, and all she needs to do is ask her IT department to give her access. I’m not sure she believed me and I’m not sure she has yet asked or had it given to her, but she has no reason to wait for the CCR to give her this information.

Towards a data controller role

Of course, I’m more than happy to share a patient’s data with someone who is looking after him or her. But I think we need to move towards more of a data management role where I authorise people rather than giving almost blanket coverage to the whole health economy to access a record.

This is one of my concerns with the data repository. Sitting here typing in front of a Samsung TV, who knows who is accessing this data? Does it really need a copy of everyone’s data all the time? Why can’t it use a system where it only shares the data on the person in question? Having my data held multiple times surely puts the risk of it appearing on WikiLeaks?

Once the data is held separately, I presume I’m no longer the data controller so I have no power over what’s done with it. Will it be sold to insurance companies? Perhaps not at first, but researchers or private big data people might be granted access. Will they start to look at it for performance assessments rather than clinical ones?

Risk that data repositories become data dumps?

Given the adage ‘garbage in, garbage out’, whether anyone will be able to pull anything meaningful from it will be dubious.

However, do I want a copy of my data sitting in some repository for anyone to access? OK, they say it’s secure – they say only staff trained in information governance will access it – but is that a good enough security measure?

They say only if a patient is on a practitioner’s caseload will that healthcare professional be able to see the data – but that’s a loose definition. I might attend the hospital for an outpatient appointment in one speciality, but will my neighbour who happens to work in another department be able to look me up? I’m live on their system but is it clever enough to know that my neighbour is in the wrong department to see my information?

The reassurance we’ve been given is twofold. Firstly: we will do audits – though never seen one published yet. Secondly – your practice manager will be notified every time a patient’s record is accessed and he or she can check it. I won’t repeat exactly what my practice manager said to this, but something to do with having better things to do with her time than track 23,000 patients and their outpatient attendance, and how is she to know whether access is justified or not.

Trust the patient and let them give permission

One of my simple solutions to these issues would be that every time a patient’s record is accessed, text that individual with details of who accessed it and where they work. Let the patients track it.

Moreover, I would give the patients power to grant access to their records. Currently the consent process involves the clinician who is asking to see the record ticking a box on screen. How can you prove retrospectively that the patient was in the room and agreed – was even asked? Perhaps take a photo of them with their thumbs up, or get them to give their signature with a mouse, or to record their fingerprint.

So I prefer the idea of a national, centrally held, summary record that patients can control or that, at the very least, they can see who is accessing their data. It doesn’t store all my records – just pertinent data. The patient could link it to their Apple Health app and store data in there for their clinicians to see. Perhaps it might include some dental or optician information. It would tell me whenever my record was accessed, and perhaps could act as some form of communication portal tracking my appointments and so on. Wait a sec: don’t we kind of have this? Should we just use it and perhaps develop it?