S A Mathieson and Tim Radford 

Doctoring sick notes

Computerised patient data is a vital part of healthcare and medical research. But as of last week, the health secretary can release records in the 'public interest' to any organisation without patients consenting or even knowing that this electronic information is being used. S A Mathieson reports
  
  


Last week, in the dying days of this parliament, the government did the unexpected: it nationalised something: your health records.

Clause 65 of the Health and Social Care Act, rushed through parliament at the end of last week, allows the health secretary to open your newly computerised records to any organisation he considers in the public interest - requiring neither your consent nor knowledge. Patient and privacy groups are furious this has taken place without consultation or debate.

During its third reading in the House of Lords on May 3, Labour minister Lord Hunt said that "informed consent" will be the aspiration, ie the government will try to gain your informed permission before access is given.

But an amendment from the Conservatives to make such consent compulsory was not included.

"If the clause is passed into law in its present form... it will cause irreparable damage to the relationship of trust between clinicians and their patients," said Conservative peer Earl Howe, describing the move as the "sovietisation of British medicine".

Instead, the government allowed an amendment requiring the health secretary to consult a statutory advisory committee. This body's advice will be fully published before patients' files are opened without their knowledge or consent, but the committee's findings will not be binding. Such requests will also need to be passed by parliament.

Why does the health secretary want these powers? Health records are increasingly held on computer, making them easier to process and analyse. The National Health Service is slowly implementing a system of standardised electronic patient records which, over the next few years, will supplant paper and non-compatible computerised patient data. Furthermore, in a few years' time, your health records could include a record of your DNA.

However, the particular trigger for this clause is that use of personal data without consent is illegal under the Data Protection Act of 1998. Under these principles, if you give your doctor information to help cure you, it should not be used for any other purpose without your permission - except for containing the spread of contagious diseases such as tuberculosis, where permission-seeking is suspended under a provision allowing data release if there is a medical necessity.

But doctors also pass on data to organisations such as cancer registries, which track and analyse cases of the disease. Last December, doctors' regulator the General Medical Council (GMC) said the privacy laws meant medical staff should halt this transfer. "It became quite clear that just about every doctor in the land was breaking the law," says a spokesperson for the GMC, which delayed implementation of its advice until October 2001 to allow time for a solution to be found.

Separately, in 1999 the government had lost a court case against a firm called Source Informatics, which collected anonymous prescription data to use in sending targeted mailings to doctors - rather like supermarkets using loyalty card information to send potential customers junk mail.

"The government was concerned (the firm's targeted mailing) would have put up the NHS drugs bill," says Lyn Whitfield, the editor of Health Service Journal's IT supplement. To stop this, the clause in question contained provisions to control use of prescription data by companies, yet allow detailed patient data use with the health secretary's permission.

In the Lords, the Conservatives argued that using anonymous prescription data for targeted mailing was fine, but using personal patient data without permission was not. Labour chose to agree with the first of these points, dropping the section opposed by business, but retaining the section opposed by patient and some medical groups. The Liberal Democrats chose to side with Labour, quoting comments from the Information Commissioner Elizabeth France, who examines abuse of data protection laws. France's office says her comments should not be taken as a political endorsement of the clause.

After the wrangling, almost no one is happy. Medical researchers are furious. This is partly due to concern that the advisory body will not be able to agree research by October - the Cancer Research Campaign is calling for this deadline to be pushed back - but there is a more fundamental reason.

Ben Traynor, a doctor writing for the Guardian's health pages last month, put forward the argument that asking for patients' permission produces "consent bias" in medical data, as certain types of people (such as the mentally ill) are more likely to refuse to allow their information to be used (www.theguardian.com/Archive/Article/0,4273,4169457,00.html).

But Dr Fleur Fisher, a campaigner for healthcare privacy, argues that the new act will produce "non-consent bias": some people will effectively remove their data by refusing to reveal health problems.

"Immigrants and refugees, if they feel their data will be accessed, will be very hesitant about seeking health care," Fisher argues. "Also, young professional women are very protective about their health information, given the fallacious judgments that are made on the basis of whether someone has had a sexually transmitted disease or a termination."

In one way, this is more damaging than consent bias, where data may be skewed, but at least those wanting medical privacy receive treatment.

Dr Richard Sullivan, head of clinical programmes for the Cancer Research Campaign, argues that cancer registries have an exemplary record of maintaining confidentiality, and can be trusted with patient records. "Research is peer-reviewed, it goes through ethical committees," he says. "It's up to us to explain why this research is important."

Some think the government's compromise of a statutory advisory committee provides adequate safeguards for patients. "We were quite angry about the original clause," says a GMC spokesman. "But we're absolutely delighted with what we have now." A similar committee for social security, set up in 1993, has never been overridden by the equivalent secretary of state, he adds.

But others disagree. "Putting the advisory committee, which is something we are participating in, on a statutory basis is a step forward," says Gary Robjent, parliamentary officer for the British Medical Association, which represents general practitioners. "However, there is nothing on the face of the Act that explains that in the first instance, confidential patient information will only be used if consent is sought. The government has given assurances - but governments and ministers are transient."

Simon Williams, assistant director of the Patients' Association, goes further. "We're very disappointed this wasn't dropped. We consider it an abuse of power, and damaging to the doctor-patient relationship."

Although the government said its motivation was to pro tect the data-flow to cancer registries, the health secretary can - if parliament agrees - allow other organisations access. "This thing about cancer registries has only come up since the row broke out," says Lyn Whitfield at Health Service Journal. She points out that within the NHS, there are organisations such as a prescription fraud-busting squad, who could certainly make use of records.

At the Cancer Research Campaign, Dr Sullivan admits that clause 65 gives the health secretary powers that could be "a double-edged sword". He says new privacy legislation specifically for health research is needed. Data protection laws now require specific consent to be sought from a cancer sufferer to allow their records to be used by the cancer registries, he says. Asking general permission to use a patient's medical data is not allowed: "It's not like having a donor card." Sullivan favours an opt-out system, where patients concerned for their privacy could exclude themselves.

And Caspar Bowden, the director of the IT think-tank the Foundation for Information Policy Research, says uses for our health data could be found elsewhere within government. A government white paper already contains plans to detain people with personality disorders before they commit a crime - and evidence for such disorders could be found within health records.

"Under the Data Protection Act, use of, for example, genetic data would be subject to a test of necessity," says Bowden, if it were for use on health grounds. "Under this clause, this can be overridden on the grounds of expediency, in perpetuity. Eternal vigilance is now required."

The health secretary now has permanent, wide-ranging powers to grant access to your health data without your knowledge - and not just for causes you might support. Did you even know it was up for grabs?

Genetic codes on a smart card
The information revolution goes far beyond patient records. In June 2000, scientists announced the completion of the first draft of the human genome project - a three billion letter "text" of the entire DNA of a representative human.

This was just a beginning. Researchers are now beginning to decipher the millions of tiny variations in the genetic code which account for the tiny differences between individual humans - and the differences in their medical histories. Researchers already have the complete DNA sequence of a growing number of parasites and infectious microbes.

Such genetic data, combined with the actual medical records of a nation, will open a kind of Klondyke for doctors, disease researchers and drugs companies. In many cases, scientists will have the complete, detailed instruction manual for both the infection and the victim. Knowing the works of pathogen and host so intimately, they should be able to predict exactly where to throw the spanner to halt the disease with the fewest side effects.

But they still have to work out what genes do, how they do it, and why they do what they do at a particular time. Experiments with fruit flies, nematode worms and mice will answer some questions - but the real answers will come from matching individual genetic information against real lives. The Medical Research Council, the Wellcome Trust and others are hoping to compile a register of 500,000 middle-aged volunteers who will donate their DNA and then take part in a 20-year study of their health and survival rates. Individual case studies won't answer many questions . But a huge experiment involving all kinds of people could throw new light on why some people die and why some survive better than others.

Such research will open the way to new treatments that will ease suffering and save lives. But it also raises huge questions of personal privacy. Who does such data belong to? Who should have access to it, and under what circumstances?

The questions are real: increasingly, patients will be monitored in their own homes, and consult programs called expert systems before seeing a "real" doctor. And when they do, the consultant could be a face on a screen many miles away, accessing data by optical link. How do we prepare for a world in which people will carry not just their medical histories, but their entire genetic code, on smart cards?

Yesterday, the European Commission announced £12m investment in "bio informatics." The future is on the way. Are we ready for it?

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*