Patients want it and the technology exists to do it securely, so why are people still unable to take full control of their medical records? Shaun O’Hanlon explains.
From driverless cars to internet controlled homes, we live in a world of huge technological advances that are making life easier and safer. Yet one fundamental area of our lives remains in the relative dark ages: healthcare.
One of our most critical assets to supporting good healthcare – a patient’s medical record – is in a fragmented, unsatisfactory state. While there has been significant progress in developing electronic record systems, with GPs leading the way, outside primary care a patient’s medical record is too often stored as handwritten notes in paper files.
Most hospitals are only now setting out in the right direction to meet the government’s ambition of a “paperless” NHS by 2018.
When it comes to sharing medical records between professionals, the picture is gloomy. Despite many pockets of innovation, in most cases vital information about a patient’s medical history does not accompany them on their care journey, and this can pose a risk to their health.
Is it acceptable in the 21st century for a pressured accident and emergency department treating a seriously ill patient to have to phone a GP practice and request a fax of their medical records? Patients certainly do not think so.
A YouGov poll found almost two-thirds of the UK population (61 per cent) are worried that failing to share vital information about their health could result in treatment delays or potentially life threatening medical errors.
One in three is “shocked” that it is not common practice for patient information to be shared electronically.
Technology is not the barrier
So what is the problem? If it is such a no brainer, why is medical record sharing not more widespread?
Unusually, in this instance technology is not the main barrier.
Multiple proven systems exist to securely exchange relevant patient information between clinicians – from proprietary software systems designed to meet the needs of a whole healthcare economy to best of breed multiple systems that share information through an interoperability portal or similar.
Interoperability has now been mandated by the Department of Health as an essential requirement of future GP computing systems.
The technology is the relatively easy bit. Much harder is navigating the legal framework around data sharing, and this is where I believe clinicians need clear policy direction to allow them to safely share medical information without fear of legal repercussions.
Information governance, though laudable in intent, is a tangled web of legal and professional regulation. For example, the Data Protection Act 1998 gave UK citizens, as “data subjects”, the right of access to that part of their medical records that comprised “personal data”. But, arguably, a medical record might contain information other than personal data that a clinician may be unable or unwilling to share.
Even after deciding which parts of the record are personal data and which are not, the law does not simply impose an unfettered legal obligation to share that data with others to enable better decisions about our healthcare.
This is because, as well as the right of access the described above, the GP and others have legal obligations as data controllers plus professional obligations. The Law Commission has said there was “widespread misunderstanding and confusion” among public bodies about data sharing and called for the law to be simplified.
Uneasy position for GPs
It is fair to say GPs – whose records are typically the richest source of information about a patient – are between a rock and a hard place.
They have a statutory responsibility as data controllers under principle 7 of the act to ensure appropriate technical and organisational measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data when their patients’ data is shared.
But they also have a “duty to share” when it is in the best interests of the patient, under the recommendations of last year’s Caldicott review.
Some forward thinking parts of the NHS have successfully navigated the legal and professional obligations to deliver widespread record sharing, but not without a considerable investment of time and effort.
For example, to enable hospital clinicians to access data from the GP record (beyond the summary care record), local clinicians are effectively required by guidance from the Information Commissioner’s Office to agree and enforce robust “data sharing agreements” where the GP gives prior approval and the patient gives point of care permission.
These agreements take time – you have to get all the GPs in an area to sign up to make them work – and they are not easy to implement at scale. For instance, they do not work where the patient is receiving care outside the local area or needs emergency care while away from home.
While the summary care record has been designed to assist in these circumstances, it has not had widespread adoption in acute settings.
Case study: How it could be
Imagine the following scenario for a patient with type 2 diabetes, which affects 2.9 million people in the UK.
They securely download their GP record (via existing technology) and a new personal barcode to their phone. They are the controller of that data now, and armed with the medical details, including allergies, current drugs and recent test results, they go to the pharmacist to pick up a repeat prescription.
They show the pharmacist the 2D barcode or use contactless technology, which gives the pharmacist permission to access the record. The pharmacist checks the blood results and gets in touch with the GP electronically to discuss adjusting the dose on the patient’s diabetes and cholesterol medication. The patient leaves the pharmacy with medication updated.
A few months later, they have a hypoglycaemic attack and are admitted to hospital, where the patient lets the dietician check their medication and blood results via their smartphone to give accurate nutritional advice.
Then, on to the diabetes consultant who wants to prescribe a new treatment, but needs to know if another doctor has already tried it, or if the patient has any allergies or potential drug interactions that could preclude it. The consultant wants to check the patient’s bloods too.
The patient shows their barcode and the consultant accesses the record to find all the necessary information.
The way forward
What policy and legislative changes are needed to remove the onus from the GP and make record sharing easier for all?
New EU data protection regulations that will supersede the act are already in motion. Article 18 of the draft legislation introduces a new right to data “portability” that will give data subjects (patients) the right to a copy of all the data (electronic medical records) that the data controller (GP) processes, permitting “further use” (sharing) by the patient.
However, these regulations could take another two years to become law.
A quicker route could be a private members’ bill through the UK Parliament. Last year, Conservative MP George Freeman introduced a bill under the 10 minute rule to give patients ownership of their own records to facilitate medical research and improved continuity of care, but it ran out of time.
A similar bill after the election next year could well find favour with a new health secretary wanting to implement joined up healthcare across the UK quickly and efficiently.
Mr Freeman already has support for a new hand out bill that would ensure, as a minimum, that a patient’s NHS number is recorded at every medical intervention and that clinicians have a duty to pass on medical records through the care pathway.
Giving ownership to patients
To truly free up the data, we need to fundamentally change our attitude to sharing. In my opinion, the quickest, easiest route to large scale record sharing is to put patients in the driving seat with certain safeguards.
It could be argued that, aside from legislative changes, the current government policy that gives patients the right to access their records online – through technology such as Patient Access – gives a proxy right to a third party of their choosing to see and act upon that information for the purposes of clinical care.
‘Eighty-five per cent of us want any medical professional responsible for our treatment to have secure access’
If this were accepted, smartphone technology would put our individual medical record literally at our fingertips and make it portable throughout our healthcare journey. Most of us have access to one, and for those who do not, or cannot afford one perhaps it should be subsidised for the sake of their health.
The YouGov poll found that 85 per cent of us want any medical professional directly responsible for our treatment to have secure electronic access to key data from the GP record, such as long term conditions, medication history or allergies.
For the vast majority of patients, it is really very simple: my health, my record, my choice.
All figures, unless otherwise stated, are from YouGov. Total sample size was 2,343 adults. Fieldwork was undertaken on 26-27 June 2014. The survey was carried out online. Figures have been weighted and are representative of all UK adults (aged 18+).