Having opted out from having my medical records exposed to an astounding number of people via the NHS Summary Care Record (SCR) scheme, I’m always interested in seeing opinions on the SCR. There are a couple of open access opinion piece articles in the British Medical Journal. In the first, Mark Walport (Director of the Wellcome Trust) offers the view that the SCR will do more good than harm (Do summary care records have the potential to do more harm than good? No — Walport).  Walport takes the view that the SCR represents an excellent opportunity to benefit medical research – I have to confess that the usage of the SCR as a research tool had escaped me, and it occurs to me that this isn’t one of the original functions intended for it.  I’d also worry that this would represent a further extension of the already large group of people with access rights to the data.  As Walport says:

The primary purpose of electronic patient records is to improve patient care. As a patient I expect the following: that my records will be accurate and that I can work with my carers to improve their accuracy; that they will be treated confidentially; that they will be shared between the members of the healthcare team that collectively look after me in primary care and in hospital; and that they will provide a basis for accountability for the quality of my health care. In addition I would hope that my records could be linked to “expert systems” that would minimise the chance of treatment errors and maximise the chance of my being prescribed the best treatment.

Of course the expected benefits depend on quality data being entered in the system, and this is one issue that’s been highlighted as a potential problem (though it’s been noted that GPs and other medical practitioners make informed judgement on the information held).  As an aside, how accessible will these data be to a practitioner attending to someone who’s unconscious on the roadside?  How quickly can unambiguous identification be made?

In a counter opinion, Ross Anderson (Professor of Security Engineering, Cambridge University) takes an opposing view (Do summary care records have the potential to do more harm than good? Yes — Anderson), principally taking into account the security of the data, the potential for misuse, and indeed the illegality of the means of enrolling patients into the scheme.  As one might expect, Anderson approaches the issue from a very different perspective than Walport – that of data integrity and security.  Anderson points out:

The showstopper though is privacy. In 2008, the European Court of Human Rights decided the case I v Finland. Ms “I” was a nurse in Helsinki, and HIV positive; the systems at her hospital let her managers find out about her status, and they hounded her out of her job. The court awarded her compensation, finding that we have a right to restrict our personal health information to the clinicians involved directly in our care. Other staff must be unable to access records, not just “not allowed.” In 2009, colleagues and I wrote a report for the Joseph Rowntree Reform Trust, examining the impact of this and other cases on UK central government systems and concluded that the summary care record had serious legal problems. With the additional data being added, it is now clearly unlawful.

There is always a great worry about “function creep” in large-scale database systems – for example, it may well be that Walport’s view of the SCR as a research tool is an example – but the real issues for me are in data integrity and security.  Both relate to individual privacy, and the letter I received explaining I was in “by default”, and giving a very one-sided and over-optimistic opinion of the benefits of SCR raised my ire.  That, and the hoops one has to jump through to avoid being included.  Recall that once your data are in, they are there for good.

As I write this, Neil Bhatia (who maintains a website providing an opposing view of the SCR) has written a “rapid response” comment.