NHS patients will be allowed to delete electronic summaries of their treatment records from a new national medical database, the Guardian has learned.
The decision represents a significant concession in data protection policy following talks between health service officials and the Information Commissioners’ Office (ICO).
Until recently the Department of Health had resisted pressure from sceptical patients and doctors critical of the security risks generated by confidential records being transmitted across the NHS broadband computer network known as the Spine.
Last month, officials described the cost of deleting individual summary care records (SCRs) from the system as prohibitive. The Department of Health had offered instead to “mask” or “suppress” unwanted files, making them difficult to access – a process that would nonetheless leave personal details on the database.
SCRs are being introduced as part of an NHS-wide initiative being rolled out across the country to provide clinical staff with information on those they treat.
Any doctor or nurse will have instant access to a summary of a patient’s past medication, adverse drug reactions, allergies and conditions – which could be useful if that patient is unconscious or unable to recall vital details.
SCRs are also being used to record confidential treatment requests including end of life plans, where people ask to be allowed to die at home or enter instructions such as “do not resuscitate”.
Pilot schemes began in Bolton and Bury, and so far more than 280,000 SCRs have been created nationally. The Department of Health says that 98% of people who have had the advantages of SCRs explained to them are in favour.
But Dr Gillian Braunold, a medical director of the programme, acknowledged that “a significant minority” of people “don’t want to have a summary care record”. The new position, she said, was that “the deletion option is there if [individuals] are not happy … They can choose to have [their SCR] deleted physically.”
The only exception would be if the patient’s SCR file had already been used, in which case it would be archived for “medico-legal” reasons, she added.
A few rebel GPs have been encouraging patients to opt out en masse. There are worries that an individual other than relevant clinical staff could gain access to such sensitive data.
One Hampshire GP, Neil Bhatia, has asked the ICO whether it considers the SCR policy is consistent with data protection principles.
Connecting for Health (CfH), the NHS agency developing the records system, had already granted patients the right to opt out of the scheme at an initial stage – resulting in no SCR being created.
The latest complex issue concerned whether those enrolled on to the SCR database should subsequently have a right to have their file thoroughly purged from – rather than merely “masked” within – the system if they withdraw consent.
The dispute was resolved in talks between the ICO and CfH. The former has traditionally taken the position that personal information that is no longer required should be deleted.
