In the beginning the patient told the doctor a secret. And, behold, the doctor kept the secret in his head until he died or forgot it. Later on, the patient told the doctor a secret, and the doctor wrote an aide mémoire for himself in cryptic handwriting, abbreviations (or in Latin), and destroyed it when he retired. Later again, the patient told the doctor a secret and the doctor wrote it out clearly in a record folder shared with his or her partners and a nurse or two, which the receptionist saw but couldn't talk about outside on pain of losing her job, and which followed the patient about like a bloodhound for the rest of their life. And now, the patient tells the doctor a secret and the doctor can do one of two things: she can type it into a practice computer system, soon, under the government's Information Strategy for the Modern NHS 1998–2005 to be amalgamated into a national electronic health record, or — she can keep the secret in her head until she dies or forgets it.
Entering the names Heidi Tranberg and Jem Rashbass into Google told me two things relevant to this matter. One was that the authors of this book have exactly the right qualifications: Tranberg is a solicitor with experience in medical record cases, now researching the field in Cambridge; Rashbass is a medically-qualified information technologist and educationalist, an executive director of the NHS Information Authority and a government adviser. The second lesson was how incapable any of us is of comprehending the power of the mechanism that can chose exactly the right web link, in less than a second, out of the 4.6 billion webpages, covering the whole of knowledge, currently indexed by Google.
Tranberg and Rashbass point out the urgent need for an open and informed debate on the possible consequences of storing personal details on such an unprecedented medium, and here they have provided us with the definitive primer for that debate.
‘The protection of patient information is the cornerstone of effective health care,’ they say, ‘medical records contain some of the most personal and private information known about individuals, though this must be balanced with the need to use information in other contexts.’
Yet the impossibility of achieving this balance in a way that satisfies the interests of all parties, on every occasion, is a recurrent theme of their book.
Governments are now taking the issue of the confidentiality of personal data very seriously. But their attempts at legislation have led to new difficulties as well as progress. The Data Protection Act of 1998, for all its merits, has had negative effects on medical research, and although it has given patients the right of access to their records, again with many benefits, it remains unclear what rights, if any, they have to change them. The unofficial shredding of an offending letter, which I remember occasionally happening, is probably now impossible.
The Freedom of Information Act of 2000, which comes into full effect next year, will open the way for any member of the public to access information held by government bodies, including the NHS. Will that include anonymised and pseudonymised patient data? Probably yes. Tranberg and Rashbass explain the difficulty of ensuring that individuals remain impossible to identify when these techniques are used. If identities are concealed behind an encrypted NHS number (the British government's preferred option) who will hold the key to the encryption? Will they always guard it wisely?
The complexities surrounding the issue of consent — historically the mainstay of confidentiality — are detailed clearly. And the authors do not duck the difficult truth that consent cannot be valid if people can only obtain essential services by providing it. Whether you agree with their conclusion: ‘introducing medical privilege [that is, giving medical records the same status as legal records] is not likely to be beneficial’, will depend on your point of view.
Tranberg and Rashbass point out that in 1997 the Caldicott Committee (of which I was a member) concluded that there was a culture in the NHS of breaching patient privacy; 31 out of the 86 different flows of identifiable patient data identified were not found to be justifiable. They go on that there is: ‘an overriding belief within the NHS that the sharing of information benefits many, harms few and is essential for efficiency and expediency.’ At the same time, ‘The UK public is concerned about medical privacy’ (96% of people in a survey by the UK Information Commissioner said it was very or quite important) ‘but generally trusts that doctors and the NHS will keep their medical records confidential’.
It is that fragile trust that is at risk if we conflate the personal relationship, in which integrity is still assumed, with the mediated relationship we have with corporations and governments, in which it so notoriously is not. At the moment when we encourage patients to tell us their secrets we are close to doing so on false pretences. We must not wait to be pushed into action by litigation or by patients starting to routinely withhold sensitive information. The current situation is in unstable equilibrium and cannot be sustained. GPs have a central contribution to make in furthering the debate, which this book has so ably begun.
- © British Journal of General Practice, 2004.