Professor Ross Anderson, a security engineer, has warned in an article for SmartHealthcare.com (The devil is in the detail) that the Detailed Care Record (DCR) and the Secondary Uses Service (SUS) were "almost certainly illegal". He recommended that clinical records should be bought and maintained by the doctors who use them, and that no patient data should be stored without the patient's consent.
Should healthcare providers worry? Probably not, when it comes to the issue of whether databases are legal. The relation of European Court of Human Rights judgements to UK law and policy is complex. Harmonisation certainly isn't instant: the court found in 2005 that the British ban on prisoners voting violated their rights, and yet, although the government is considering votes for those with sentences of under four years, the law remains unchanged today. Anyway, the case of I v Finland, on which Anderson relies, hinged on the audit trail for who had viewed records, rather than on access to information per se.
Databases are an emotive topic and polarise debate. This is a shame: nuanced discussions about specific initiatives are much more useful than broad-brush condemnations or defences of government IT. But while last year commentators were incensed about data loss and information assurance, this year it has become fashionable to criticise the very existence of government databases on civil liberties grounds.
It has given some currency to a highly challengeable notion of personal data rights: that an individual has ownership of any data compiled by another person, but relating to them.
Anderson and his co-authors of the Database State report regard it as a "violation of rights" that patients who refuse to allow their X-rays to be stored remotely in digital form cannot receive NHS medical care. They go on to suggest that "personal control of data is a wider issue than privacy," and quote a view that religious women should object to research on birth control which uses medical information derived from their care records in the anonymised aggregate.
This doesn't hold water. The civil liberties argument is strongest when it suggests that unscrupulous operators – perhaps insurance loss adjusters or journalists – might access and misuse sensitive information supplied to hospitals in good faith. It goes without saying that safeguards against this are vital. The argument is much less strong when it appeals to supposed natural and fundamental rights of data ownership and privacy.
Why should an individual receiving free healthcare, from a service not always able to meet every clinical need, have the right to insist on where X-rays of their limbs are stored? People who want care which satisfies their personal quirks as well as their medical needs will always be better served by the private sector.
And why do these hypothetical conscientious objectors to birth control have rights over this data? The data also relates to the doctors who provided care: are their rights over data relating to their professional competence relevant? What do we say about the rights of those whose clinical outcomes might be affected should the data in, say, cancer registries be compromised by widespread opt-outs?
Clinical ethicists engage daily with broad principles of utility and important, yet often conflicting, moral side-constraints. It shouldn't be a problem for them to give due consideration to the notion that patients "own" all data about them, but then to relegate it to its proper place in the hierarchy of competing principles.
Data about the clinical outcomes of NHS processes has immense value both in prioritising investment in treatment and in promoting evidence-based medicine. As taxpayers and as future patients, we should be happy to insist that data about how our national health service functions belongs to all of us.
