Fewer than half of NHS trusts have successfully “pseudonymised” their patient records, missing a government target aimed at making patient data more secure.
Figures from the Department of Health show that by 31 March, 186 out of 396 acute, mental health, ambulance and primary care trusts had reported successfully pseudonymising their patient records.
Under the DH’s Pseudonymisation Implementation Project, all NHS trusts are expected to encrypt patient identifiers in their data so it can be used safely, legally and securely for non-patient care, including commissioning, performance monitoring, analysing clinical trends and business requirements.
Pseudonymising data is regarded as safer than simply removing patient identifiers to make data anonymous as it allows individuals to be traced if analysis shows that they face a clinical risk.
But it needs to be carried out consistently in order to support information flows between NHS organisations and with central bodies such as the Secondary Uses Service.
In June last year, the DH rejected a national approach to pseudonymising data as “not feasible in practical or financial terms” and instead issued guidance for this to be carried out locally.
The PIP website says: “It is a legal requirement that when patient data is used for purposes not involving the direct care of the patient - [that is] secondary uses - the patient should not be identified unless other legal means hold, such as the patient's consent or Section 251 approval.
"This is set out clearly in the NHS policy and good practice guidance document 'Confidentiality: the NHS Code of Practice', which states the need to 'effectively anonymise' patient data prior to the non-direct care usage being made of the data.”
A DH spokesperson said: "Relevant, meaningful information is key to measuring, monitoring and improving the standard of NHS services.
“We are making good progress towards ensuring that where there is a legitimate need to use patient data, it is not identifiable to protect confidentiality. This is in line with proposals being considered as part of the Information Revolution [consultation on a new information strategy for the NHS].
"Our guidance is clear that the NHS should no longer use identifiable data for these purposes. All remaining trusts should have plans to meet the requirement as soon as is practicable."
Read about the latest concerns about confidentiality and data in research in Insight.
© 2011 EHealth Media.
Confusion reignsDavid Stone 154 weeks ago
Coincidently I have just received an email discussing the content of the secondary use session at the NIGB workshop on 6th June. I agree with Laura, but one of the more complex aspects is New Safe Havens with this being differently interpreted in different guidance. This will be one of the areas explored on 6th. By then we may have seen IGT v9 and will know if it has been quietly dropped or not.
The NIGB website has useful advice and details of the workshop for anyone interested (http://www.nigb.nhs.uk)
Lack of KnowledgeLauraJ 155 weeks ago
As someone who had to step in to replace a staff member and complete this project in 3 months - I found a lack of knowledge and interest from the people who were apparently pushing us to complete this target. I have yet to receive an acknowledgment of our report (which I queried when it had to be submitted, they didnt even know we needed to submit anything!)
To be honest, I figured the project had been quietly dropped. Certainly no pressure and absolutely no guidance regarding it - anyone else find the paperwork provided differed slightly in what was expected?
David Stones commentPeterWillemse 155 weeks ago
I agree with David, all IG Toolkit scores are based on self assessment and internal audits so don't show excectly the right score. As soon as the new government came into power and more spending cuts were introduced Information Governance has got a lot less in priority and a lot less or no work at all has been done to get to the right level.
Shock and aweDavid Stone 156 weeks ago
I am shocked that so many trusts have claimed level 2 in IGT 8-324 (the measure of compliance I have assumed is referred to here).
I have presented on this nationally for the past two years and have found no more than a hand-full of trusts planning or implementing the Privacy Enhancing Technologies the ICO refers to and were required to meet this standard as written, particularly 2C (the facility for multiple pseuds).
We have worked with a number of trusts over the last 18 months and a number have truly reached level 2 in the spirit of the requirement, but this has been hard work and required solid commitment from the CEO down.
I maybe being unfairly cynical, but from the level of understanding I have found nationally, I expect 186 is about four times the real level of compliance.
NHS organisation, IG Toolkit and PseudonymisationPeterWillemse 156 weeks ago
I have expected this after contacting all NHS Organisations in July, September and October / november 2010 and March 2011 not even one needed support.
All cost savings and only thinking about them selves and about the fact that most of them will cease in 2012 and 2013 so why should they bother.
There will be no santcions as there have never been when they didn't comply with the IG Toolkit.
The DH and the SHA's should have stept in and supported all their NHS organisation like they were ordered to do in one of David Nicholson letters.
In May 2008 David Nicholson wrote to Chief Executives and SHA CIOs, a letter that set out further actions for SHAs regarding review of IG toolkit scores for PCTs and Trusts and requiring that SHA have access to information governance subject matter experts.
Just one pilot would have been a huge cost saving and enough to role it out to all the other organisations. This was rejected by DH who only wants to spend or let us call it waste money as much as possible. It's like all them separate projects for Patient information systems and is there anyone working without any problems already?