Rapid Responses to:
|
|
Rapid Responses: Rapid Responses published:
-
![[Read Rapid Response]](/web/20090711174822im_/http://www.bmj.com/icons/misc/sectionDOWN.gif)
The caldicott function and information sharing
- Richard P Fitton (20 June 2009)
-
Fundamental error; protagonists not seeking to solve the problem
- Adrian K Midgley (20 June 2009)
-
The futile debate
- Roger Weeks (20 June 2009)
-
Use of data for continous improvement
- JACK AMAYO BUONG' (24 June 2009)
-
Confidentiality and Sharing Health Information
- Beatrice Amuge (30 June 2009)
|
|
|||
|
Richard P Fitton, Salaried assistant Caldicott Guardian Tameside and Glossop PCT, M34 2GP
Send response to journal:
|
“Confidentiality and sharing health information” BMJ 2009 ;338:b2160 doi: 10.1136/bmj.b1260 Data is a useful resource for the health and the care of patients and is expensive both to create and record. Patients invest their lives and their confidentiality when they register with a health service provider. They expect a service that improves their lives with the minimum amount of harm from the treatment or disclosure of their personal data. The balance between the unwanted disclosure of data and harm from non disclosure of data is not dissimilar to the risks and benefits of prescribed drugs. Not enough and inaccurate information can harm or kill them. Too much can cause them shame, embarrassment, and economical or employment problems. As Richard Thomas and Mark Walport’s review described there is a balance to find between the two risks. Having been a GP in Manchester and surrounds for 30 years I hope to see a far more seamless care system for my current and ex patients before I hang up my medical bag. Why can I not see the hospital record of my patients and why can the hospital doctor not see the GP record that I have so carefully created to represent my patients? In January 2008 I became a pro-active Caldicott Guardian pushing for more and better sharing of information. The Data Protection Act is a good tool to help me, professionals and patients. However it needs to be taught to all professionals. It is currently not part of Medical students’ mandatory training and should be. So what does does the DPA do? The Data Protection Act requires lawful and fair processing of personal data. It requires the appropriate technical and organizational measures to be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. Data subjects’ rights include the right of access to personal data, the right to prevent processing likely to cause damage or distress, the right to prevent processing for purposes of direct marketing, the rights in relation to automated decision-taking and the rights to request rectification, blocking, erasure and destruction. Fair and lawful processing of data is enhanced by access to records by patients and we are investing in and researching this process at Tameside and Glossop PCT. Fair processing also requires a conversation with our public and visibility of data flows. We publish our third party data sharing agreements, data flows and registers of clinical records on our public facing website. www.tamesideandglossop.nhs.uk/templates/Page____937.aspx We are working with our PCT’s Contractor and Performance department to produce data sharing contracts for our service providers as required by the DPA ( “Where processing of personal data is carried out by a data processor on behalf of a data controller, the data controller must in order to comply with the seventh principle— (a) choose a data processor providing sufficient guarantees in respect of the technical and organisational security measures governing the processing to be carried out, and (b) take reasonable steps to ensure compliance with those measures. 12 Where processing of personal data is carried out by a data processor on behalf of a data controller, the data controller is not to be regarded as complying with the seventh principle unless— (a) the processing is carried out under a contract— (i) which is made or evidenced in writing, and (ii) under which the data processor is to act only on instructions from the data controller, and (b) the contract requires the data processor to comply with obligations equivalent to those imposed on a data controller by the seventh principle.”) We plan to allow patients to access the audit trails to their own records too. Patients experience a conceptually whole NHS but are treated by a data fragmented NHS. The Data Protection Act, training, Information Governance and modern technology will provide a solid platform for data sharing. We all need culture change, training, application and true patient and public partnership for the successful implementation of information sharing. Richard Fitton Caldicott Guardian Tameside and Glossop PCT Progress Way Windmill Lane Denton Manchester M34 2GP 0161 304 5300 Competing interests: None declared |
|||
|
|
|||
|
Adrian K Midgley, GP Exeter EX1 2QS
Send response to journal:
|
It is a mistake to think that the way to process health data for research or probably for much of care is to collect all of it from many places and then analyse it in one place. It is a mindset comon in primary care trusts and other varieties of health authority - "Send us all your patients records, we want to count how many of them have Diabetes". A better approach would be to send the question - automatically, system to system not person to person - and receive the number. 82 More complex processing is no harder to do where the data is than where it is done at present, and the problems of collecting the records of many onto a place from which a worker may copy them to a thumb drive and then lose it are avoided. Last century the MIQUEST ssytem, allowing querying of GP computer systems in a Health Query Language (HQL) which is a superset of (a subset of) Structured Query Language (SQL) was developed for this and other purposes. The apparent fact that the people who want the conclusions do not understand the best tool for extracting and analysing the data should not be taken as a recommendation for them, nor for them to do it in other arbitrarily reinvented fashions. Quite the reverse. In the event that patient identified information is sent elsewhere, each item and each access, subsequently as well as at the time of extraction, should be reported automatically to the patient. A brief sketch of one way to do this is presented at http://www.flickr.com/photos/midgley/3622837633/ Competing interests: None declared |
|||
|
|
|||
|
Roger Weeks, GP Deanhill Surgery SW14 7DF
Send response to journal:
|
The ethical debate about managing patient information security and confidentiality sharing data from a Central Care Record is entirely unnecessary as there is no need for and indeed no established case for the creation of such a record. Sheather's editorial highlights four needs - for: 1. flow of information to 'support 21st century healthcare' assisted by: 2. a single secure confidential Electronic Patient Record (EPR) for every person to assist information flow and provide a focus for: 3. timely communication to improve day-to-day patient care and provide: 4. legitimate access to records for research, audit, commissioning, planning and governance. The single secure confidential EPR exists and is alive and well cared for in Primary Care (General Practice) throughout the UK, and it is virtually universal. It does not have to be re-invented in another form such as the Central Care Record (CCR). The only reason why the Primary Care EPR is not used to send and receive information to and from secondary care is that the UK government's efforts to create a CCR have held up, nay stopped dead, such flows as secondary care continues to wait and wait for the CCR and still has no EPR to communicate with the Primary Care record. As Sheather says, there are no ethical objections to such digital electronic communications as they simply replicate the existing analogue paper communications. The fourth need (the subject of so much futile debate and hand wringing) for legitimate access to EPRs for audit, research, commissioning, planning and governance can be met by existing technology which provides analysis of extracted pre-anonymised (de-identified) data collected from GP EPRs, as practiced for the past 18 years by several organisations including the charity Doctors' Independent Network (DIN). The Central Care Record scheme should be abandoned and all efforts directed at creating a standard (using Read codes version 2 as currently used in most GP systems) for a universal transmissible EPR for use across all health and social care sectors, providing EPRs to all care providers but making the GP EPR the main one to which all others report, thus facilitating the data flows so desperately needed for optimal patient care. Access by organisations not directly involved with patient care for research and so on can be limited to anonymised data collected and governed by 'trusted third parties' such as DIN. Competing interests: Dr Roger Weeks is the chairman of Doctors' Independent Network (DIN) |
|||
|
|
|||
|
JACK AMAYO BUONG', Lecturer in Community Health Great Lakes University of Kisumu
Send response to journal:
|
“The flow of high quality, up to date information, accessible to patients and immediately available to appropriate health professionals, will create a virtuous circle: clinicians will be able to do a better job, and patient outcomes will improve”. The above quote from this journal is justified. The availability of this information creates a good trigger for dialogue. The data is centrally processed into meaningful information is fed back to the different stakeholders in the health system. A few selected indicators are processed and display anonymously into a useful set of health messages. For example some information may be given by the patient at individual level but this information can be used for the public good. A case study that may involve such an aspect is the assessment of the client satisfaction with the services at a given health facility. The results from the analysis of such data can be used to hold dialogue sessions for improvement. The dialogue sessions may include the health workers, the patients, the Community Health Workers (CHWs),Health Committee members and community members. The action plan may result in improvement on the client satisfaction at the health facility level. This outcome of improvement agrees with the argument above that clinicians will do a better job. In other words improved service delivery and health outcomes. The provision of high quality health care also requires large data flows for planning. The ADPA model relies on data that triggers dialogue for continuous improvement. ADPA means Assess, Dialogue, Plan and Act. In this kind of a set the data is the energy source that drives this dialogue which can also be referred to wheel of change. The debate on whether the patients’ information should be treated as individual or public good can be handled carefully by considering ethics in research. Regulations such as anonymous data at the national level protects the patients from harm. Issue of confidentiality considered at the health facility level and disaggregating data for individual, health facility, district , national and international levels. Competing interests: None declared |
|||
|
|
|||
|
Beatrice Amuge, Assistant Commissioner Health Services, Nursing Jinja Hospital, Uganda
Send response to journal:
|
The Issue of confidentiality is quite complex. I do agree with most of the authors comments on confidentiality. In most cases patients release information not even knowing that it is going to be shared among the health personnel directly involved in providing care, and yet this is what usually happens. This affects patents confidentiality though it is beneficial for providing care to the patient. In reference to releasing data required for ancillary use such as audit, research, care planning or accountability, this actually poses a problem in confidentiality because the information is being used or at times even published without the consent of the source (patient). Some of the patients are aware of the above scenarios and do not disclose sensitive information leading to fragmentation and bias. Sharing information among health personnel who are directly involved in care and also the use information for ancillary processes are very important for patients’ care and planning. I do accept that there is need to balance rights to health care with duties to share information, without conflicting the issues of confidentiality in future, by explaining to the patient the future prospective of releasing health information. Beatrice Amuge Competing interests: None declared |
|||