Skip to main content

Medical Records (Confidentiality)

Volume 575: debated on Tuesday 11 February 2014

It is a pleasure to hold this debate under your distinguished chairmanship, Mr Hollobone.

The debate deals with one of the most accepted and appreciated relationships, which is that between patients and their doctor, with the knowledge that whatever information is recorded by the GP is confidential and kept securely in the medical records held by the practice. Next month, that will change. Under controversial legislation passed in 2012, family doctors will be required to pass to a new national database created by NHS England all the medical records of the patients in that practice.

The personal GP record may be added to by any other social care organisation that deals with the patient and with hospital records that exist for an individual. This is being done, according to NHS England, to improve the delivery of health care to benefit researchers inside and outside the national health service. I have no reason to suggest that this move will not lead to improvements in health care, and, no doubt, the Minister will deal with that matter more fully.

I have sought the debate for two main reasons. My first concern is shared by many people, including some present in the Chamber: the security dangers of bringing all such personal data together in one huge national database. The second reason is my dismay and even anger at the deliberate manner in which the public have been deprived of consultation and information on what could be, and I think will be, a significant threat to their right of privacy in respect of their medical records.

On the first threat, to security, we are assured by NHS England that the information

“will be stored…in a secure environment with the highest standards of information governance and technical expertise to protect the data.”

If patients are reassured by that statement, the US Government must have lower standards. For example, Angela Merkel, the German Chancellor, learned about the USA hacking her personal phone from sources inside the US. A young lad from Glasgow was extradited to the USA in the past 19 months to face charges, because from his Govan bedroom he had breached military systems in the US. This weekend, closer to home, Barclays bank admitted that delicate, sensitive and important financial details of 35,000 of its customers had been stolen.

Does the hon. Gentleman believe, as I do, that the single most important point, which I hope that he will elaborate for us, is whether the identities of the people whose data are being stored are also being stored? If they are being stored, I am entirely with him; if they are not and only data without identity are being stored, there might be more to be said for the scheme. I am interested to know what he has to say.

That is an important intervention, and I will deal with that, because it gets to the nub of the matter. Health care improved, fine, but there must be a balance with the right of individuals to have their privacy. I will deal with that.

Importantly, the fear is not only of professional hacking, but of amateur hacking, which can break into major databases. The problem about the medical database is that someone’s medical data are almost as strong as a fingerprint. If people were looking for me, for example, I have five broken noses on my medical record, which probably reduces the numbers that they are looking at from 60 million to about 100; they could also probably work out my age, if that is removed, from when I had my diphtheria jab and various other early jabs. It is still possible to reverse engineer from so-called anonymised data. In the States, that was done with an anonymised data system—the record of the Governor of Massachusetts was picked out by an academic, to demonstrate how weak such systems are.

I read with interest about the right hon. Gentleman’s unfortunate nose. He makes an important point.

My point is that there will eventually be a breach of security. It is inevitable, given the size of the database and the information stored in it. The human cost to the patient whose identity and medical history are made public is potentially disastrous. Careers could be ended, jobs lost, insurance refused and relationships destroyed if sensitive medical facts are made public or used by private firms, other people or, indeed, the media.

I congratulate the hon. Gentleman on bringing this matter to the House for consideration. He said rightly that there is a medical need to have some of the information, but many patients fear that their confidentiality could be taken over by money-making ventures from those involved in the process. Instead of an opt-out system, should there not be an opt-in system, whereby the GP and the patient get together and discuss confidentiality and an understanding of the system before anything happens?

The hon. Gentleman makes an important point, which I will cover when discussing the second issue that I identified. At the moment, I am dealing with security, but I will come on to the opt-out arrangements, which are far from satisfactory.

A further reason for concern is that the information will not be available for analysis and research in the national health service alone, but will be made available to non-NHS organisations. A Library note describes an interesting situation in which, without the consent of individuals, the information given can identify patients:

“In most cases, researchers can carry out their studies using information that does not identify you. Occasionally, however, medical researchers need to use information that does identify you. Only researchers who have obtained your permission or who have been granted special approval are allowed to access your identifiable data… The CAG approves requests where it is not possible to use information that does not identify you and it is not possible to ask you. There are a variety of reasons why it might not be possible to ask people; for example, where there are extremely large numbers of patients”—

so it is okay if researchers pinch a lot of patient information and identify the patients, but such patients would have no come-back, because that is reasonable in the eyes of the national health service.

Another interesting but concerning document includes a diagram helpfully provided by the Information Commissioner that describes three different levels of anonymity. First, in the public domain, there is no information—none. It is totally anonymous. Secondly, for approved organisations, whether NHS or outside organisations given permission, there is potentially identifiable data. Finally, organisations that have a legal basis, such as the police, have all the data—nothing is hidden. Interestingly enough, the police will not have to do what they have to do now, which is to get a court order to get the information; they will have an automatic right to it.

NHS England has explained that information given to private researchers will be anonymised before release, but that is undermined by its statement that the standard of anonymity it is using requires it to

“ensure that, as far as it is reasonably practicable to do so, information published does not identify individuals.”

That is hardly reassuring.

All those instances could be dismissed as speculation, but we should be aware that NHS England and the Government see the whole exercise as an opportunity for the UK to become a major player in medical research, with both the NHS and the private sector seeing strong economic growth and income from the use of the data. I forgot to mention that in the database will be included people’s national health service number, postcode, date of birth, gender and ethnicity. With all that information—particularly the postcode—it will be fairly easy to identify someone.

I turn now to the question of permission. This genuinely makes me very cross. The handover from GPs will take place in March—one month’s time—and after three months, depending on opt-out numbers, 100% of records will be on the national database. That should have happened already, but the Information Commissioner stopped the process late last year because the NHS had not consulted or, in the commissioner’s view, given enough information to the public. The commissioner ordered the NHS to postpone the process and take steps to give more information on both what was happening and the right to opt out. It has been given £2 million to do so, but it is far from clear that it is doing it willingly—it is doing it in bad grace.

I should mention the summary care record, another IT exercise that was carried out five or six years ago, more limited in its function but with the same organisational structure. A key element was that, unless a patient objected, their records would automatically go on the database. That tactic of forcing people to opt out rather than in was successful and with summary care records only 1% of patients in the pilot schemes opted out. There was a discussion about what system should be used for opting out for the new, greater system, a report was written, and surprise—officials chose the opt-out. With no real publicity, involvement or consultation, they have reckoned from the pilots that that might be the result nationwide. I thoroughly object to that.

NHS England published a leaflet, which might have come through Members’ doors, that supposedly meets the Information Commissioner’s request, but it is so bland, patronising and uninformative that it seems to have been written, miraculously, by a dead author—Enid Blyton. It is an insult to the general public. Opting out is not actually spelled out within the leaflet. NHS England is demanding that people go to their doctor’s surgery, discuss the matter with a doctor or practice manager and then give their decision on opting out. The House knows how busy doctors are and how busy their surgeries are. Is somebody going to take a day off work to go and see their doctor not because they are ill but because they want to discuss opting out? It is not sensible.

I suggest that NHS England is not serious about involving and empowering the general public. That is the second reason why real questions should be asked about this plan. The leaflet does not make the point that there are two opt-out options, one for giving the information out within the health service and one for giving it out outside the health service, or that people can obtain a form, fill that in and send it in to a practice.

I am taking up time and I know that a colleague wants to speak. I want the Minister to take his lead from the Information Commissioner and postpone the introduction of the scheme to allow further consultation and discussion about whether there should be an opt-in or an opt-out, about what information is being shared and about the security of that information. If the medical records of members of the public are going to be given out, they should have knowledge of that and should have had the opportunity to opt out.

I congratulate the hon. Member for Leeds East (Mr Mudie) on raising this issue for a debate that I think merits a bigger attendance. I hope that the subject will be debated subsequently on the Floor of the House.

This is an important issue. We have seen in recent months and years in the House that data sit at the heart of so much of the transparency revolution that is taking place in health care, not least in the Francis report, which was indeed in part driven by a revolution in transparency, with outcomes data revealing differences in outcomes across the UK. That has highlighted that, within our precious and beloved NHS, there is huge variability in standards and outputs. The genie is out of the bottle, in terms of the public interest in the power of those data to drive both transparency on outcomes and patient empowerment—a theme that the hon. Gentleman rightly touched on.

I declare an interest in that I come to this matter after a 15-year career in biomedical science and research, in the last seven years of which I helped to create partnerships in the national health service between NHS clinician scientists, research charities, industry and university scientists to try to accelerate the process by which modern medicines are discovered and developed. My experience is that, over the past 10 years, this country has quietly come to lead in the appliance and use of anonymised cohort datasets and, indeed, specific patient datasets in particular disease areas to drive and accelerate the development of modern medicines, with extraordinary benefits for patients in the NHS.

The truth is that the traditional model of medicines development, on which we and the NHS have relied for nearly 50 years, in which the pharmaceutical industry goes away and spends hundreds of millions—or increasingly, billions—of pounds and comes back to us with a perfect drug that suits everybody, is a model that it cannot afford, and we cannot either. The more we learn about genetics and genomics, and patients and disease, the more we know that your disease, Mr Hollobone, will be different from mine: our susceptibility to it will be different, as will be our response to drugs. The revolution in research data offers an extraordinary opportunity for the NHS to be the place in the world where we develop and design 21st century medicines targeted at the patients who need them and generate extraordinary opportunities for our NHS patients and clinicians.

I want to mention an example that brings this matter to life. The last project that I worked on was here in London, at King’s college, with Professor Simon Lovestone, the head of research at King’s academic health science centre and professor of psychiatry. The project was funded by the National Institute for Health Research, an NHS body, and looked at the catchment population for the South London and Maudsley NHS mental health trust—250,000 patients suffering from a range of mental health ailments. As Members will be aware, in mental health, there is no magic bullet drug; there is a huge cocktail of some very difficult drugs, with hugely traumatic experiences for patients, who often have to change dosage. It is an unsatisfactory area of modern health care, in which we are really failing a large number of patients. The system that was put in place, funded by the NIHR, created an anonymised dataset of the 250,000 patients, which allows researchers to look across that cohort at relationships between medicines and outcomes, disease and MRI scans, and really shines a light on which drugs are working for which patients. That gives extraordinary opportunities to us here in London and in Britain to lead in the field of developing treatments for a whole range of mental health ailments, from Alzheimer’s to a range of other indicators.

The truth is that these data are utterly key to the quiet revolution in 21st century health care and medicine that we are beginning to see for three reasons. The first is research, as we have discussed. The second is accountability, as we saw in the Francis report most traumatically, but across the board. My constituents want to understand and to see that their patient journey from care is properly tracked. I have power of attorney for my mother, and last summer I wanted to be able to log on quickly to see what she had been prescribed and what her diagnosis was when she was unable to do that for herself. The younger generation particularly want and are beginning to expect to be able to use data to drive accountability.

The third and most important reason is empowerment, which the hon. Member for Leeds East touched on. We are moving from an age when health care and medicine was something that was done to us by the Government to something that we want modern 21st century citizens to take more responsibility for. Several concerns have been touched on, some of which are valid and important to discuss.

My hon. Friend is making a fabulously compelling case and I think that I agree with everything that he says except for one presumption: this is being advanced with one, all-singing, all-dancing database, instead of a set of tailored, directed ones.

My right hon. Friend makes an excellent point, as ever, and I was just coming to it.

The hon. Member for Leeds East raised several important points that I want to touch on. We should be clear that the data will be anonymised, and it might be worth looking at a framework to ensure that only anonymised data are released. No one is even beginning to think or talk about insurance or anything to do with insurance companies. That has not been mentioned, and it is important to say that here. That is not what the issue is about. We should all remember that it is illegal for pharma companies to contact any patient even if they have got hold of data.

On opting in and opting out, the evidence suggests that patients want their data to be used in research. The opt-in rate to the biobank project is 98%, and when patients are told that the data are not being used for research, they want to know what on earth is being done with them.

An additional point worth making concerns doctor-patient confidentiality. There are layers of data, and my right hon. Friend’s broken nose would sit quite high. More discreet information such as notes by a GP may not be appropriate for release, and we should acknowledge that we are talking about layers of data.

I will wrap up by saying that there is a huge danger in the Government’s laudable initiative to link their datasets together to drive the revolution: a clear statement of patient rights is needed. Patient data are involved, and patients should have a framework and the architecture to access them for themselves. We should encourage them to take responsibility for their outcomes, their health and their data. If we did that, I think that we would find much more public support for this important initiative, which I welcome.

It is a pleasure, Mr Hollobone, to serve under your chairmanship. I congratulate the hon. Member for Leeds East (Mr Mudie) on securing this debate and all hon. Members on their contributions.

I pay particular tribute to my hon. Friend the Member for Mid Norfolk (George Freeman) for his excellent speech, in which he highlighted the importance of sharing data to improve patient care. He talked about empowering patients to take greater control over their health care. That is important and the key to it is ensuring that patients have the right data to do so. He also talked about improving research, ensuring that we can properly combat disease and linking data properly to understand exactly how to find cures for rare diseases. Importantly, he referred to the fact that we need properly to understand how good health services are, and to recognise where there is good practice. That is particularly important following the Francis inquiry and report, which outlined the importance of delivering high-quality care and transparent and properly used data to deliver that. He made those points very well.

My hon. Friend the Member for Mid Norfolk (George Freeman) also referred to a major project involving people at the Maudsley hospital who had suffered serious mental illness. I want to hear from the Minister that there is no way under the sun that people who have suffered mental illness, for example, would find their data getting into the wrong hands. Without that guarantee, the project seems to be very dangerous.

In the time available, it is difficult to speak about detailed points. I apologise to my hon. Friend for that and I will write to him addressing some of the points that he raises. However, I can assure him that robust safeguards are already in place to protect patients with mental illness, and those safeguards will remain robust, if not more so under the systems that we will put in place.

It is important to recognise that the big challenge facing the health and care system is the fact that in the past we have had too much silo working, which has been to the detriment of patient care. The health system has often operated in a fragmented and siloed way. The operation of the health and care systems is not integrated and joined up. Key to driving improvements in patient care is ensuring that we join up the information that informs what good care looks like. Integration involves ensuring that a process exists to join up health and care information to improve care for patients.

We want to look after people with diabetes, dementia and long-term illnesses and to give them dignity of care in their own homes. It is important to do that and to have the right information and evidence to do so. We are well into that journey. The £3.8 billion integration fund will help with the provision of services, and the health and social care information centre will help us to get the right evidence base to drive properly joined-up, integrated care.

Will the Minister confirm that the situation at the moment—that is, under the previous Care.Data initiative—is more or less that GPs have patients’ records, many of which are not electronic but in paper format with treasury tags, but there is no formal link across to hospital records? Hospitals can say whether a patient has been admitted, but most of them do not have an integrated system to know what treatment a patient received in different parts of the hospital. Normally, someone pushes a wagon along the corridor with the treasury-tagged information. Also, there is no integration at the moment with the care system. The data of many of my constituents who go in and out of hospital for acute care and community care are chaotic. That makes transparency difficult, and it was one of the things at the heart of the Francis report and some of the Winterbourne View issues. We must remember that we would all gain from this public health benefit.

My hon. Friend makes an excellent point, and he is right to highlight the fact that we are talking about an evolutionary process. The health and social care information centre is not a sudden revolution. It will allow better use of information to join up care in exactly the way that he describes. It is no good having a £3.8 billion integration fund for better provision of services unless we have the right information and can join up intelligence to understand what good care looks like.

The two professionals in the Chamber are having an interesting conversation, but the public want to know whether the Minister is content, first, that the use of personal data will not lead to the identification of individuals and, secondly, with the present system of consultation on opting-out.

We already have robust procedures in place, and they will exist under the new system to protect patient confidentiality. I would describe them in more detail if I had more time, but it is worth highlighting some of the history. It is not revolutionary to store information; it is evolutionary. Hospital episode statistics started being collected in the following care settings in, I believe, the following years: in-patient data in 1989, out-patient data in 2003, A and E data in 2007-08, and primary care data from 2014.

We already have systems for collecting and analysing information, and patient safeguards exist in those systems. We will now see a system that better joins up and builds that evidence base to drive better care for patients, which is exactly the point that my hon. Friend the Member for Mid Norfolk made. We need to expand the evidence base, and it is absolutely right that we ensure patient confidentiality when doing so. I believe that we have the right safeguards in place to do that.

A number of points have been raised in the debate, and I will write to hon. Members with further clarification. I hope that that will be helpful.

Sitting suspended.