Priorities for Health: Protecting and safeguarding patient confidentiality
November 2006
Introduction
In August 2006, BMA Scotland conducted a survey of members to identify their priorities for health. Around 600 doctors from all branches of the profession responded to the survey and their priorities for protecting patient confidentiality are reflected in this policy briefing.
Background
The BMA welcomes investment in information technology (IT) within the NHS. The BMA agrees that greater sharing of healthcare information has the potential to improve patient care. The challenge lies in achieving a balance between greater sharing of information and ensuring the security and confidentiality of the data. Doctors have a duty to maintain the confidentiality of patient information and therefore their trust in any IT programme is vital.
Throughout the development of the Scottish e-Health strategy, efforts have been made to engage with the medical profession to ensure that the records are developed in line with the needs of the service. However, there is a belief that the public is not fully aware of plans to create electronic patient information and that they have not consulted upon. With such a significant amount of investment at stake, it is essential that all stakeholders, including patients are consulted and their views taken into account. The outcomes of the e-Health strategy must not be presented to the public as a fait accompli.
Electronic Patient Records
Electronic Patient Records are individual holistic records for patients that are accessible to those who require the information, including patients and carers. At present, professionals working in different health and social care services hold fragments of records (relevant to their field of work), but will probably not have access to the whole patient record. The proposal is that an electronic record will bring together all of this information into a single record and access will be tiered to ensure that availability of information is limited to what the professional needs to know.
This system will link every GP surgery and hospital in Scotland, providing online records for up to five million patients. The BMA supports the concept of an integrated centralised health record system.
Greater sharing of health information between healthcare professionals has the potential to significantly improve the care provided to patients. But increased sharing of healthcare information could also have implications for patient confidentiality and the challenge lies in achieving a balance between greater sharing and ensuring the security and confidentiality of data.
Maintaining the trust and confidence of doctors in the new systems is absolutely necessary for the successful implementation of any new technology. Secure systems are required to ensure that only authorised staff can change the content of records. Such amendments can have a serious impact on the welfare of patients and systems need to guarantee that access is authorised and appropriately recorded (in an audit trail). These seemingly technical issues have real consequences for doctors’ actions, reputations and relationships with patients. They also have real consequences for patients with respect to their safety, treatment outcomes and trust in the medical profession.
Patient consent
Doctors responding to the BMA Scotland survey said that it was important that patients had a choice of whether or not their information was held on an electronic patient record. Doctors feel that some patients may be unhappy about having their sensitive personal data on a central system and, by offering a choice, patients will be able to consider what information is contained in their records and whether they wish this information to be shared. Confidentiality is central to trust between doctors and patients.
85% of doctors in the BMA Scotland survey agreed that patients need to be made more aware of plans to create electronic patient records so that they can make an informed decision about their personal health information.
Access to medical records
In the BMA Scotland survey of members, 98% of doctors said that it was important that patient confidentiality be safeguarded and protected. However, recent efforts by the Scottish Parliament to improve information sharing between public services have created rights for non-medically qualified personnel from external agencies to access children’s health records, even when no abuse is suspected (most notably in the Joint Inspection of Children’s Services and Inspection of Social Work Services (Scotland) Act 2006). Under this legislation, doctors would be committing an offence if they prevented an inspectorate access to a confidential health record, and no consent would be sought from the patient.
The BMA recognises and fully supports the need to improve child protection services and doctors will continue to play their role in protecting children and vulnerable members of society from abuse.
However, the duty of confidentiality owed to a person under the age of 16 is as great as that owed to any other person. Regardless of whether the requested treatment is given, the confidentiality of the consultation should be respected unless there are convincing reasons.
The BMA considers that it is important that children are made aware of the fact that professionals, other than those in the immediate care team, will have access to their records. The BMA also believes that their explicit consent should be sought before allowing access by external agencies. 83% of doctors in the BMA survey said that it was important that the public were consulted before policies that allow non-medically qualified personnel (from outwith the NHS) access to health records were introduced.
Recommendations
In order to protect and safeguard patient confidentiality, the BMA believes that:
- The public should be made more aware of the developments to create a single electronic patient record with tiered access.
- Patients should have a choice about whether their health records are held on an electronic record.
- Children’s rights of confidentiality should be respected (where no risk of child abuse is suspected).
- Patient consent should be sought before allowing access to medical records by external agencies.
- The public should be consulted before policies are introduced that allow non-medically qualified personnel access to their health records.
BMA Scotland Public Affairs Office
Tel: 0131 247 3050/3052
Email: press.scotland@bma.org.uk