Out-Law / Your Daily Need-To-Know

Out-Law News 2 min. read

Patients win right to delete records on controversial health database

Patients will be able to demand that their health records are deleted from the massive database being built by the NHS, privacy regulator the Information Commissioner's Office has said. Previously, patients could only have details 'masked', not deleted.

A national medical database being built by NHS body Connecting for Health will keep a record of a patient's condition and health care, called a Summary Care Record (SCR). Connecting for Health previously would not allow that record to be deleted, even at the request of the patient. That has now changed.

The ICO said that it had negotiated the change with Connecting for Health.

"People want the assurance that they can restrict who can access their personal details in NHS electronic records," said an ICO statement. "We met recently with Connecting for Health to discuss the permanent deletion of summary care records once a patient requests their summary record no longer appears on the database."

"We are pleased that as a result of these discussions [Connecting for Health] have found a way to ensure that these records are permanently removed from the database when appropriate and we are continuing to talk to them about how this is put into practice," it said.

Patients already have the right to opt out of the system when it is first introduced to them. They will then not be the subject of an SCR at all. Connecting for Health's concession will be welcomed by activists who oppose the central collection of such personal data.

"Following discussions with the Information Commissioner we have now agreed that anyone can now request that their record is deleted," said a spokesperson for the Department of Health. "Our early adopter programme was set up precisely so we can learn from emerging issues such as this one."

The Department of Health said, though, that the SCR would not be deleted if it had actually been used. This was to preserve evidence of activity in case it was needed in the future.

"In the event that a record was accessed as part of someone’s healthcare, a record of that access needs to be kept in case there was a subsequent investigation of the performance of a clinician or a dispute about the facts – this is in the best interests of both patients and clinicians," said the spokesperson.

Controversy has surrounded the NHS's system from the start, as activists and GPs have objected to the central collection of such sensitive information. They argue that the storing of such information centrally poses too great a risk of it falling into the wrong hands.

The NHS initially did not even allow patients to refuse to be part of the system, but conceded that right in 2007.

The ICO gave the system its qualified support in 2007 and said that it would continue to monitor its compliance with the Data Protection Act.

In late 2006 when it was revealed that patients had been refused the opportunity to opt out of the system, doctors' representative body the British Medical Association (BMA) threatened to boycott it.

"We believe this particular suggestion by the [Department of Health] is unlawful and certainly it's out with our understanding of the Data Protection Act," Dr Richard Vautry, the BMA's negotiator on IT issues and a member of its GP committee, told OUT-LAW.COM at the time.

"If they insist on that position, which we think is untenable, then it would mean that we would be obliged to advise practices not to get involved in putting any information into the summary care record," he said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.