What's your GP written about you?

Do you remember the NHS IT Programme? Twenty or so years ago it was one of the flagships of the Blair era: a single, modern, IT system for the whole NHS. But it never really happened, or rather, wasn’t allowed to happen. I remember it well, I was part of the programme’s delivery team for four years.

***

The plans sounded fine: the NHS should work like a bank, or a motor car business, or indeed almost any other industry in the modern world, which all have ONE set of records for its customers. Years ago, you could walk into a bank in a town and cash a cheque without them knowing whether you had enough money in your account - you needed a cheque guarantee card (remember them?). In the 1990s all of the banks moved to having a single set of records for all customers, and now, whichever branch of your bank you walk into they will know everything about your accounts from the one set of records.

The NHS IT programme was based around the same idea: it should not matter which hospital a patient is in, the staff should all be able to see your full medical records.

The problem with this was that the NHS is not a single business, unlike a bank. (Why it isn’t, and why it isn’t actually nationalised, is a good question but one that no one ever seems to want to face up to.) Individual trusts have their own IT systems, and the government gives them money to run them; if there was just ONE IT system, yes the government would save money (lots) but the trusts would lose their IT funding, and some of their autonomy. So the trusts fought the proposals, determined to keep their budgets.

Furthermore, patients aren’t customers. If anything, the ‘customer’ for the NHS is the government; patients are just widgets on a conveyor belt, being moved from one stage of a process to another.

Much was raised about the NHS IT programme related to data privacy. Patient groups worried about it - who would be seeing their data,  also doctors worried about it, because they like to insist that medical records are THEIR data, THEIR private notes of a patient. The last thing GPs wanted was lots of strangers (including patients, the subjects of their sometimes less than well considered writings) seeing what they were writing about people: they could be indiscreet, and indeed somewhat rude, at times. So the BMA fought the plans, and tortuous security and disclosure rules were built into the NHS IT programme to maintain privacy. Eventually it delivered little because of the expense of meeting the conflicting (vested) interests of too many players: yet another example in the public sector of politicians starting out with a good idea but then not focussing on it enough, and allowing too many vague, conflicting objectives to be taken into scope.

***

The compromise that was reached was for a ‘Summary Care Record’ to be created for each patient registered with an NHS GP, unless they explicitly requested one not be created for them. This record would be maintained by the GP on the basis that they knew the patient well, and were trusted by them, and the record would contain all important and relevant information for possible medical situations; in fact, there would be two levels, ‘medication, allergies and adverse reactions only’, and ‘medication, allergies, adverse reactions and additional information’.  A patient is able to choose which of these levels they wish to be provided by their GP, or to opt out completely. 

In theory this is a good idea, for ambulance or A&E staff may have an urgent need to know information on a patient, and having it stored centrally with fast, easy access facilitates that. The problem, like everything in the NHS, is in the execution. 

***

The original idea for the NHS IT Programme hinged on the assumption that GPs knew their patients. I don’t think I’ve had a GP that knew me since I was about twelve; even as I age and have more dealings with them, they don’t seem to know me from Adam, for they have a few thousand other patients to worry about. My partner, Viv, has had many dealings with GPs and the NHS in recent years; one might expect her to be quite well known at our surgery, yet they don’t know her personally at all; every time we have been to the doctor in the last ten years or so they are hurriedly reading through her file on the screen when we enter the room, clearly not remembering her. 

The point about GPs knowing their patients is critical: information that is shared among medical staff must be factual (not just a belief), correct and up to date. (Imagine the chaos in the banking sector if the records of your accounts seen at a branch were different from the factual truth…). GPs now are far too busy to check their records, and indeed often (in my experience) fail to pick out key information from consultant’s letters that might be critical to the correct and safe treatment of a patient in hospital. In fact,  a female patient turned up at Bridlington Hospital for a routine scan recently only to be told she was dead; this rather significant error was almost certainly rooted in an incorrect summary care record. 

***

The rules about the use of summary care records are quite clear (see https://digital.nhs.uk/services/summary-care-records-scr ): records should only be viewed by those in a ‘legitimate relationship’ with the patient, and patient consent should be sought before viewing them. This latter point is not being well observed, I believe, and I will explain my reasons later. One rule that doesn’t exist is for patients to be invited to check what their GP has entered on their summary care record, and confirm its accuracy. The view of the NHS is that doctors are fit to judge their patients accurately, and to be honest and truthful in their recording of information pertaining to patients; it is as if no-one had ever heard of Harold Shipman, let alone GPs who are too busy to focus on patients properly. The authorities have listened to the BMA too much, and do not want to accept that patients usually know what conditions they suffer from better than their doctors; it is left solely to your GP to record what conditions you have that other health organisations should be told of (unless, of course, you choose to opt out).

If you want to check the data your GP has entered on your Summary Care Record you can apparently access your SCR on the NHS App, and there are instructions on the internet (at https://www.nhs.uk/nhs-app/nhs-app-help-and-support/health-records-in-the-nhs-app/gp-health-record/#:~:text=If%20information%20in%20your%20GP,the%20information%20in%20your%20record.)  on what to do if you consider data in it to be wrong; basically it involves contacting your GP and asking them to change it. It doesn’t say that the GP will accept or even show any interest in what you say; my experience is that they won’t. The message is obvious: your NHS data, and  Summary Care Record is the state’s data, maintained by your GP; you are a little person, and should not interfere.  

***

I started looking into Summary Care Record a few weeks ago after an incident at a hospital where my partner, Viv, had been an in-patient. She was in a ward for about a  week, and, quite frankly, had not received the sort of care that our leaders seem to think ‘our NHS’ provides: nurses refused to help her to eat despite both her arms being in slings, saying ‘you’ve got to learn’ rather as if she were a disobedient six year old, and she was ‘discharged’ (or perhaps ‘kicked out’ would be a better way of putting it) from the ward early one morning to a ‘discharge lounge’, a cold, unpleasant room rather resembling the waiting room at Stevenage railway station, without breakfast and without being dressed. (She was also at ‘high risk of malnutrition’ according to one assessment I saw at the time, but that clearly didn’t mean she could have breakfast … besides, she couldn’t eat it unaided, could she?)

I checked through the documentation she was given on discharge; one sheet was a photocopy of a form that had been filled out, presumably by a nurse on the ward, in longhand, and outlined her various medical conditions, risks and the like. A single line stood out, for there was reference to a neurological condition that had been diagnosed seven years ago when subsequently it was shown she actually had hydrocephalus; the condition quoted was one that arises typically among the very alcohol-dependent. Listing this condition was a way of telling care and medical staff ‘this patient is an alkie’; in a hospital environment, where staff have many calls on their time, they are going to use some method to determine which patient is important and which isn’t; a reference to this particular medical condition will put the patient at a disadvantage. (Viv and I  had discussed references to this condition on her records with the GP a year or two ago, after a consultant had said in a letter that the diagnosis was ‘unsubstantiated’, but the GP hadn’t read, and didn’t have time to read, that letter and wasn’t going to update Viv’s records on our say-so.) In any event, this diagnosis could only have come from Viv’s summary care record, but, at no time during her stay on that ward was Viv ever asked to give specific permission for any member of staff to access her Summary Care Record or pass information from it on to the third party. It appears they just did it. 

There was also reference to a condition that Viv had never suffered from - probably an error at the GP surgery, the wrong patient record must have been updated at some point (what about the patient who did suffer from that condition, I wonder?); and some very significant omissions, including that she has an implanted device that means she must avoid strong magnetic fields, and special care is needed with MRI scans. 

This action by the ward staff might have been justified had Viv not been able to communicate to provide consent, but she could. The copying of data from a secure source onto a sheet of paper, with no controls over who it was issued to, surely breached data security rules. I contacted NHS Digital with the following enquiry:

Hi

Could you please clarify a couple of points for me in relation to an article I am researching.

Web page https://digital.nhs.uk/services/summary-care-records-scr/summary-care-records-scr-information-for-patients relates.

The page states that 'Staff will ask your permission to view your SCR (except in an emergency where you are unconscious, for example) and only staff with the right levels of security clearance can access the system, so your information is secure' .

1. Does the request to a patient to access their SCR have to be explicit and recorded - that is, not just a blanket approval on a form signed by the patient at admission saying, among many other things, something like 'I consent to whatever staff that wish to access my SCR', but a clear request from the individual or department when they feel they need to access a SCR?

2. Does the exception relating to the COVID pandemic ('we are temporarily removing the requirement to have explicit consent to share the SCR Additional Information') still apply in June 2024? If so, are you able to explain why please?

 

3. Is it permissible (even with the Covid-related exception) for an authorised clinician to access a patient's SCR and copy information from the SCR onto a (paper) form which is then provided to a third party (...) who may not be subject to the data access controls that the SCR itself is, without the expressed consent of the patient?

Thank you

Phil

If the ward had wanted to know about her medical history the nurses could have asked Viv, or me; clearly, they prefer to trust our unreliable GP and the NHS IT systems. They are obviously from the generation that is more comfortable interacting with computers than with fellow humans; personally I’d prefer someone asked me about my history, and didn’t rely on what a GP has said; they would also get better information back than they will get from the a Summary Care Record.

Nearly four weeks later I received the following reply:

Ref: NIC-757841-P9P5R 

Dear Phil,

Thank you for your email.

We have engaged with our subject matter experts, who have provided us with the response below.  

 …

 

A1. Patients choose their SCR consent preference when registering at their GP practice, and can change their mind at any time. This will determine whether an SCR is viewable by a health and care professional when providing care to the patient. Patients should also be asked for their permission to view their SCR each time they are being provided care. The SCR permission to view guidelines that organisations follow can be found here: https://digital.nhs.uk/services/summary-care-records-scr/viewing-summary-care-records-scr#scr-permission-to-view-guidelines

 

…

 

A2. The temporary policy change made during the pandemic to patients’ Summary Care Record Additional Information has been extended by NHS England, whilst a permanent policy change is considered. Further information can be found here: https://digital.nhs.uk/services/summary-care-records-scr/summary-care-record-supplementary-transparency-notice

 

…

 

A3. Information found on the SCR is sourced from the patient’s GP record. Where an SCR is viewed by a clinician, it’s main purpose is to provide that clinician / care team with information to support a medicines reconciliation. Organizations involved in the patient’s care will have their own data protection and data sharing agreements. Most centre around sharing information for the safety and best interests of the patient’s under their care. If you are concerned about any specific organisations data sharing practices, you may wish to contact them directly.

If we can be of any further assistance, please do not hesitate to get in touch.

For more information about the data, products and services formerly

 managed by NHS Digital please visit https://digital.nhs.uk 

Kind Regards, 

Raj

Enquiries Team (formerly of NHS Digital) 

NHS England 

www.england.nhs.uk 

0300 303 5678 

enquiries@nhsdigital.nhs.uk 

7&8 Wellington Place | Leeds | LS1 4AP

The key point in the above is that ‘Patients should () be asked for their permission to view their SCR each time they are being provided care’ - Viv was never asked for such permission by the ward staff. Sharing her data on paper in the way they did, without validating it, is bad practice; not checking that they were passing on accurate and up to date information could have risked Viv’s health or safety, and  is surely unprofessional. 

(I’ve also looked up the link Raj gave in A2, which refers to this being permitted because data sharing ‘... is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services'. This almost seems to legitimise sharing of medical data with an employer, and what, to some people, might the ‘management of health or social care systems include, I wonder?) 

***

The incident with poor care in the ward is not the first time that Viv has experienced less than ideal support, or that strange medical conditions have been associated with her: she has experienced similar incidents, which, on reflection, are quite likely also to be attributable to poor interpretation of, or poor quality, Summary Care Record data. On one occasion, as she was being admitted to A&E, I pointed out to the staff that Viv had a Medical Identity Card with details of her key conditions. ‘Oh, we don’t look at that’, a junior doctor told me. What that doctor didn’t say, but I suspect to be the case, was they rely hugely upon the SCR for key information - without checking its accuracy either with the patient, or relatives. 

This utter reliance upon often unreliable data, perhaps as much a symptom of societal malaise as it is of professional incompetence, could be the root cause of a huge number of, often undocumented, problems for many patients in ‘our NHS’; and, of course, the cost of remedying errors and mistakes arising from the blind acceptance of incorrect data falls to the same institution, bankrolled by the taxpayer. From what I’ve seen in my dealings with the behemoth that is ‘our NHS’, more weight is being given to SCR data - especially the ‘additional information’ - than ought to be, resulting in errors in diagnoses and worse patient outcomes; there is no reason why these might not include unnecessary deaths. 

***

The Summary Care Record can contain an awful lot of information on you, some highly subjective: to get an idea, see https://digital.nhs.uk/services/summary-care-records-scr/viewing-guidance-including-additional-information#covid-19-additional-information-content .

Are you really comfortable with hospital staff reading that kind of thing about you, and planning treatment, without gaining your consent or checking with you that what the GP has recorded is indeed accurate?

If this isn’t scary, stop to think for a moment about what your SCR could be used for in future. Forty five years ago I worked with an old chap who’d come to England from Austria before the war. He was Jewish; after he arrived he had exchanged letters with his parents but, a couple of years down the line, their letters stopped. He never heard from them again; years later,after the war had ended, he investigated and was told that it was likely they’d been sent to a concentration camp. 

One thing he said to me more than once (as old people tend to, and I do now) was, ‘Phil, whatever you do, don’t let the authorities have the means of singling you out as a minority’. Jews had been required to register after the Nazis took over, and that information was subsequently used to select them for concentration camps. Wouldn’t some of the Summary Care Record data be quite useful to a regime that might want to do something similar. Homosexual? Drug addict? Covid vaccine refusenik? What criteria might they choose, do you think?

***

As you have read, I have come to the view that the NHS Summary Care Record is already being used to prioritise, or de-prioritise, patients in some clinical environments. It appears to be being used to identify those worth putting in a little effort for, and those for whom the trouble of breaking away from the online dating app at the nursing station is just not warranted. And, of course, it's used to record how many Covid vaccinations people have had. 

The only logical step for any sane, thinking individual is to opt out of the Summary Care Record system. There may be a case to opt-in for the ‘medication, allergies and adverse reactions only’, especially if you have worries about complex medication or allergy needs, but for many of us though, we should opt out of it completely. That way, should you be unfortunate to be taken to hospital in an emergency, the doctors will have to do some basic medicine, and diagnose you by means other than seeing what your GP, who doesn’t know you at all, has said about you. Personally, I think that’s a better position to be in.

Moreover, the more difficult it is for the government, or other busybodies, to find out things about you, the better.

The form to opt-out of a Summary Care Record is at https://digital.nhs.uk/services/summary-care-records-scr/scr-patient-consent-preference-form . All you need to do is to fill it in and send it to your GP surgery.