Digital diagnosis: vital signs good

Now here's a thing - the so-called 'Facebook-generation' of digital natives get just as wound up about the confidentiality of their medical data as anyone else.

Who knew?

Well, most of us actually, although it's come as a bit of surprise to the panel of experts behind the UK government's Caldicott 2 review of information governance for the country's National Health Service (NHS).

The NHS' strategy for information management has been the subject of enormous controversy over the past decade - and quite rightly so. The so-called National Programme for IT (NPfIT) was perhaps the biggest technology-related scandal in the UK public sector's history.

Commissioned in a matter of hours (literally!) and with the absolute minimum of attention to detail by the then Prime Minister Tony Blair - only just embarking on what would go on to become an embarrassing yearning for 'modernity' - NPfIT rapidly became a monster, gobbling up billions of pounds of public funding and delivering very little that was fit for purpose.

The programme was finally canned last year after a series of appalling critical assessments by regulators ranging from Parliamentary MPs through the Public Accounts Committee of the House of Commons to the National Audit Office. It even merited direct and personal (if opportunistic) criticism from Prime Minister David Cameron.

But at the end of the day, despite the debacle of NPfIT from which no-one involved emerged with any credit, a modern day health service needs an information governance strategy and increasingly of course a digital roadmap.

That need was one of the key drivers behind the Caldicott 2 review of information governance in health and social care, a 140 page document from a panel  chaired by Dame Fiona Caldicott, who also authored a landmark 1997 review of patient-identifiable information in the NHS.

The panel comes (seemingly surprised) to the conclusion that while social media has encouraged people freely to share information of a personal nature that would once have been regarded as deeply private, this doesn't extend to information about medical conditions.

The report warns:

"A decision by an individual to share some of their personal information with other people on social media does not mean that those in the health and social care system should be any less vigilant in preserving confidentiality. It would be patronising in the extreme to suggest that a more lax approach to protecting confidentiality could be taken, or that people 'had it coming to them' for choosing to use Facebook, Twitter, LinkedIn, YouTube and assorted online blogs."

It recommends that citizens must have "the fullest possible access to all the electronic care records about them", including an audit trail detailing anyone and everyone who has accessed a patient's record.

The review says:

"Any provider offering virtual consultation services should be able to share, when appropriate, relevant digital information from the patient, with registered and regulated health or social care professionals responsible for the patient's care."

But all of this begs the question of whether the existing structures and organisational processes of the NHS are fit for purpose when it comes handling data for purposes other than direct care.

The review addresses this by recommending that data sets containing personal confidential data, or data that can potentially identify individuals, are disclosed for linkage only in secure environments, known as 'accredited safe havens'.

It also recommends that the Health and Social Care Information Centre "detail the attributes of an accredited safe haven" and for the Informatics Services Commissioning Group to advise the secretary of state on granting accredited status to new safe havens.

Reacting to the report,  Health Secretary Jeremy Hunt said that any patient who does not want personal data held in their GP record to be shared with the Health and Social Care Information Centre can have their objections "respected" with the patient veto would only be overridden in ‘emergency’ or child abuse cases.

"The Caldicott review has been about striking the right balance between sharing people’s health and care information to improve services and develop new treatments while respecting the privacy and wishes of the patient.

"If patients are to see the benefits of these changes we must respect the wishes of the small number of people who would prefer not to share this information. I firmly believe that technology can transform the quality of healthcare in this country, but we must always respect the fact that this is very personal information about an individual."

Hunt is concerned with the flow of information throughout the NHS ecosystem:

"Most NHS users would be astonished that information doesn't flow around the system. In many hospitals the IT systems aren't even linked within a hospital, let alone between hospitals and other parts of the health economy."

So what are the next steps? Well, first up, Dame Fiona will  chair an independent panel to oversee and scrutinise implementation of the review’s recommendations and to provide advice on information governance issues.

Of course there is good reason to maintain a healthy scepticism and a wary eye, up to a point.

The Caldicott 2 review reports that confidential personal data belonging to NHS patients was seriously compromised on no less than 186 occasions in a single year. Moreover many of the breaches were not reported through the UK's Information Commissioner's Office.

It notes:

"Inappropriate conversations or loss of paper records were the cause of most of the reported incidents."

Breaches which involved technology were:

"Much more significant involving many records and with great potential to do harm."

It's good to see the right noises being made about information governance policy. There's a huge 'Big Brother' mentality that needs to be overcome among large swathes of a sceptical public.

For example, there's a new opposition campaign called medConfidential which says it is “fighting for confidentiality and consent in health and social care.”  Specifically, it's out to challenge the way NHS England plans to collect and pass on patient health information from NHS health record systems.

And that's before we get to the rampant 'Google-phobia' of the Daily Mail and Co where the merest suggestion of online patient records in the cloud is met with hysterical cries to shut down the internet!

With that mind, it might worth bearing in mind the Daily Mail's verdict on the Caldicott review when considering its merits. The Mail is actually terribly keen, declaring it to be a “victory for privacy campaign” and boasting that Hunt has had to back down.

From where I'm sitting, that might be reason enough to pause for thought…

But overall the Caldicott report provides a sound basis for future developments. The government will give its formal response later in the summer. At least this time around, we're not making up a national strategy in a couple of hours. This is far too important to rush into...