On 23 March, the Joseph Rowntree Reform Trust published Database State, a report on the legality, safety and effectiveness of the government's major database systems.
In it we concluded that two NHS systems – the Detailed Care Record (DCR) and the Secondary Uses Service – were almost certainly illegal and that a number of others including the Summary Care Record (SCR) had serious problems. We concluded that SCR would be legal only with patient consent, and so in the absence of an effective opt-out it too would almost certainly be illegal.
The response SmartHealthcare.com reported from the Department of Health on 24 March (Database report attacks detailed care records) is significant. The Department does not contest our claim about the legality of DCR and SUS. Officials merely deny that the SCR is illegal and make vague points about consent.
Our analysis depends, inter alia, on the recent I v Finland case in the European Court of Human Rights. In that case, a nurse with HIV had to leave her job in Helsinki because her colleagues found out about her illness. The hospital computer system there let all staff see all patient's records.
The court awarded her compensation and ruled that patients have the right to prevent anyone seeing their records other than the clinicians directly involved in their care. This is really just the traditional view of medical ethics that the General Medical Council upheld here until recently.
However, both DCR and SUS were designed to make this traditional kind of medical privacy impossible. DCR is designed to share medical records across regional providers. This is implemented already in some areas and is causing problems not just with privacy but with safety.
The pregnancy charity AIMS reports that sharing GP records with social workers has made poorer women less likely to seek treatment for post-natal depression, leading to an increased risk of maternal suicide.
SUS is designed to make summary medical data widely available to administrators and researchers. Wellcome Trust director Mark Wallport has been outspoken in arguing that no-one should have the right to withhold their medical data from researchers, and health minister Ben Bradshaw has
made clear that no opt-out will be allowed. The Catholic Bishops' conference, on the other hand, demands that women be able to prevent their records being used in research on contraception, abortion or stem cells.
The department now has the effrontery to say "We recently consulted widely on this specifically to ensure that patient consent and confidentiality are protected". The reality is that patients who have refused to have their data put on SUS have been denied medical care. Bullying and deception have also been used systematically to stop patients opting out of other systems such as SCR.
Under European law, coercive consent is no consent at all. And although the department claims that the databases are legal, it has consistently refused to publish the legal advice supposedly confirming this.
The Court's decision in I v Finland has settled European law in favour of the patients and the bishops. It is time for ministers to stop playing games and accept the consequences for the National Programme for IT (NPfIT) – a project that is years late and destined to fail technically.
The recent transfer of control over NPfIT from Connecting for Health to the Department of Health may be a start, but it is not anything like enough. The government must abandon the DCR project and redesign SUS so that patients' data are held there only with their consent. As that will take time, patients must be allowed to access healthcare anonymously if they wish.
Thereafter we need to manage our health IT as in other European countries; record-keeping systems should be bought by the doctors who will use them, while the centre restricts itself to setting standards for safety and interoperability.
Bureaucratic micromanagement has failed, and it is time for Britain to rejoin the European mainstream.
Ross Anderson is a co-author of the Database State report
