Care record guarantees patient record privacy

Tough new rules will ensure that patients maintain privacy over their medical records when a national database is launched next year, health minister Lord Warner announced today.

Link: NAO says NHS IT system will miss deadline

Fears that public medical records could be accessed by any NHS employee at any time were allayed when Warner announced the publication of the Care Record Guarantee, setting out the rules governing information held in the NHS Care Records Service. The nationwide patient health record system will begin rolling out across England in 2006.

The guarantee makes 12 commitments to patients about their records, including the ability to electronically protect their medical privacy under a ‘sealed envelope’ system.

In other words, patients who do not wish those providing routine care to see information they feel is sensitive can opt to store it in an electronic sealed envelope, over which care professionals will still have some control.

For example, if they consider it necessary to see this information and are unable to get the patient’s consent, they can ‘break the seal’. This action can only be justified in specific circumstances, and is audited so the patient can be notified.

Access to records by NHS staff will also be strictly limited to those having a ‘need to know’ to provide effective treatment to a patient.

Lord Warner said: ‘There will be very strict controls on who has access to a patient’s records. However, we recognise that some people may have particular concerns about how their personal health information will be kept confidential in the new system.

‘We understand that – which is why we are today setting out clearly what they can expect from the NHS and their rights to control who has access to their personal information.’

Care professionals accessing a patient’s information will also need to have a direct clinical relationship with that patient. The National Programme for IT said that systems would ‘automatically construct a legitimate relationship’ when a patient is referred to another care professional.

It added that in exceptional circumstances, care professionals would be able to create a legitimate relationship with a patient without referral or consent, for example, in the case of an accident and emergency clinician treating an unconscious patient. The reason justifying the creation of this legitimate relationship must also be recorded at the time.

Under the NPfIT, the NHS’s CRS will connect more than 30,000 GPs and 270 acute, community and mental health NHS trusts in a single, secure national service. The service will replace the existing variety of local paper and computer-based record systems.

BT was awarded a contract of £620m to deliver the national elements of the service, while the local service providers delivering the local elements of the service include Accenture, CSC and the Fujitsu Alliance.

Accenture was awarded a £1.1bn contract for the northeast cluster and £934m for the eastern cluster; Capital Care Alliance (BT) was awarded a £996m contract for the London cluster; CSC was awarded a £973m contract for the northwest and west Midlands cluster; and the Fujitsu Alliance was awarded a £896m contract for the southern cluster.