Out-Law Analysis 5 min. read

Children's digital health records in England – the new standard


ANALYSIS: The creation of a standardised digital health record for every child in England should ensure that in future children receive better, more consistent and coordinated health care in a way that is transparent to parents and guardians. However, if this initiative is to be success, it is vital that privacy risks are effectively managed.

The new standard

The new 'healthy child record standard', as proposed, will capture all the information that relates to a child's health in a standardised and electronic form, bringing to an end the frustrations that stem from relevant data being held on different systems that do not interface with one another across the health and care sector.

The standard is comprised of a 'healthy child record specification' and a 'healthy child events specification', complemented by implementation guidance. Together, the documents confirm the type of data that should be recorded from the various clinical encounters that children have from birth through their formative years, together with the proscribed structure and format in which that information should be captured.

Examples of the types of data, or 'events', covered by the standard includes information concerning the basic hearing and other physical tests carried out on new babies, feeding status, allergies, family history, immunisation administration, contact details for the child's relevant medical professionals, educational history and the social context in which the child lives, as well as details of medical conditions.

A final draft of the standard was published by the Professional Records Standards Body (PRSB) in October 2017, along with further technical specifications for NHS IT systems to enable the exchange of data between practitioners. The PRSB is the body charged by NHS Digital with developing standards for the sharing of electronic patient data.

The PRSB's work on the standard has been informed through consultation with patients, health and social care workers, and further shaped through assistance and guidance from a number of professional bodies, including the Royal College of Paediatrics and Child Health, the Royal College of General Practitioners, and the Royal College of Physicians Health Informatics Unit. Whilst the draft standard remains subject to change following further scrutiny by professional bodies, the PRSB has said that it expects "any changes to be minor". The final form standard is expected to be published later this winter.

The context in which the new standard has been developed

The health child record standard is part of a broader push towards greater digitisation in the NHS and specifically represents an outcome from NHS Digital's 'Digital Child Health' transformation programme.

The programme is aimed at moving away from the current position where a child's health data is recorded in a paper booklet that parents are expected to share with the different medical professionals who become involved in the care of the child concerned, with electronic data being stored in silos across various health care systems.

NHS Digital is seeking to enable different stakeholders across the health and care sector to "exchange event information" that concerns a child's health, and further enable "parents, children and carers to manage the health of the child interactively" through the creation of electronic personal child health records – the electronic 'red book', or 'eRedbook'. The 'eRedbook' is currently being trialled in different areas of England.

NHS England has contracted Sitekit to develop, publish and implement the technical messages and standards needed to deliver the aims of the Digital Child Health transformation programme. This will enable national implementation of the eRedbook and allow information to flow to and from clinical systems.

It is also worth noting that delivery of the standard is part of NHS Digital's data and information strategy.  Published in November 2016, the strategy identified the potential of data to improve the way in which health care is delivered, building on NHS Digital's overarching vision "to harness the power of information and technology to make health and care better".

A blurring of the lines between a child's health care, education and social circumstances

NHS Digital has claimed that, in due course, the creation of the new healthy child record standard "means that everyone involved in a child's care, including parents, will have access ... to a standardised set of paperless, digital child-health records". According to the PRSB's proposals, this includes creating closer links between health, care and the educational and social contexts in which children grow up.

The potential benefits of this approach in terms of planning and evaluating services are reasonably clear, with greater efficiencies being created through the linkage of mental health services, hospital-based child health services, education services and child protection services.

One component within the new healthy child record standard is 'developmental skills', intended to provide a picture of some of the major milestones that children accomplish during their pre-school years, helping to indicate when a child is ready to start school. Recorded data could include everything from when a baby is first able to lift its head clear of the ground, sit up unsupported, and crawl, through to whether a toddler is toilet trained or enjoys books.

Controversially, the social context in which a child grows up, including information about the composition of the household in which it lives, the educational and employment status of its parents and personal information about a child's lifestyle, alcohol and drug use would also be recorded. In addition, the standard also refers to the fact that safety alerts could be included within a child's digital health record, potentially including information about risks posed to a child by other members of their family. Given that parents will have access to the data recorded about their child under the standard, it is unclear how some of these aspects of the strategy will work in practice.

Privacy, confidentiality and other IT risk

The data that will be included within the new healthy child record standard may in certain circumstances provide a highly intrusive picture into a particular child's life, as well as recording sensitive details concerning the lives of a child's parents, guardians and other significant individuals.

With that sensitivity of data involved, it is vital that proper controls are put in place to manage and restrict the scope of individuals who will be entitled to access the data and the purposes for which such access is granted.

The so-called 'WannaCry' ransomware attack on the NHS in 2017 provides a recent and high profile example of the potential risks posed by reliance upon IT systems that are inadequately protected from cyber criminals. Equally, the risk of data breaches caused by the negligent or unscrupulous acts of NHS staff needs to be considered.  In the latter case it is worth noting that as recently as November 2017, the Information Commissioner's Office reported that it had "secured eight convictions against NHS employees who were caught prying into the medical records of patients, friends, colleagues or other people they knew, without a valid or legal reason".

With the EU General Data Protection Regulation and the UK Data Protection Bill set to create an even more uncertain data protection compliance landscape, the implementation of the new healthy child record standard needs to be meticulously planned if the NHS in England is to avoid a repeat of the now cancelled care.data initiative.  Key elements in relation to the delivery of the new regime must include: 

  • a carefully designed communications strategy;
  • a robust data protection compliance model that accommodates both the existing Data Protection Act 1998 and the General Data Protection Regulation; and
  • future-proofing of the regime's compliance structure for the medium to long term.

In short, a sensitive balance must be struck between what clinicians might want, in an ideal world, what the regulatory framework allows and, importantly, what public opinion will accept.

Matthew Godfrey-Faussett and Joanna Elder specialise in data and technology issues in the health sector at Pinsent Masons, the law firm behind Out-Law.com. This article first appeared in the January edition of Digital Health Legal.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.