Dr Mary Hawking has raised concerns about the inspection powers of the Care Quality Commission regarding access to individual patient records without the explicit consent of patients.
Starting next April, every GP practice in England will be inspected by the CQC once every two years. Practices will be assessed against key quality standards and reports will be published.
The CQC has the power to examine GP patient records during inspections, but said this will only be done in “very specific circumstances” and “subject to a rigorous confidentiality policy.”
Bedfordshire GP, Dr Hawking, has asked the commission what its procedures will be regarding consent, confidentiality and training for inspectors.
Dr Hawking points out that primary care records are not kept in the same way as hospital or care home records.
In order for inspectors to deduce something like whether or not a GP has discussed all treatment options with a patient, they would need to read the medical records in “extreme detail."
“We don’t know what the CQC is looking for. If they are looking for evidence that treatment options have been discussed, they are not going to find it,” she added.
She also questioned the degree of anonymisation techniques available and the storage, protection and distribution of the any personal identifiable data extracted from the records, especially as final reports will be publicly available.
In a response to Dr Hawking, the CQC says it will only require GPs to provide access to personal medical records, “when it is necessary for the function of our regulatory powers.”
“We will assume that the subject of such information wishes to retain their anonyminity,” it says.
“We will not always obtain the consent of the subject of that information if doing so would prejudice our work. It is however a criminal offence for anybody to disclose confidential information that we have obtained.”
Joint chairman of the BMA and RCGP's joint IT committee, Dr Paul Cundy, said he cannot envisage any reason why the CQC visiting inspectors should need to inspect an individual patient’s record.
“The sort of people doing the inspections don’t have the background or expertise to understand these issues,” he said.
“No matter what the law says the GP has a primary responsibility as guardian of a patient’s records and as far as I’m concerned that trumps the law.
“GPs should ask for justification as to why they need to see an individual patient’s records and ask them to show that they have the patient’s understanding that that’s happening.”
The commission’s confidentiality policy explains that the commission will use: “anonymised information wherever possible, and we will securely dispose of confidential personal information when it is no longer needed.
“We will only share, disclose or publish confidential personal information where it is lawful to do so, where it is in the significant public interest to do so, and where the recipients of the information have a genuine 'need to know',” it adds.
© 2012 EHealth Media.
The profession is not above the lawhelliewm 74 weeks ago
It is in statute that patients DPA, Common law of confidentiality and the Human Rights Act that patients can opt out of having their information shared with third parties. These rights where included and acknowledged in the Health Bill
Stating that any professions is 'above the law'...von Bismark 74 weeks ago
... is ridiculous. He should consider his position after coming out with damn fool comments like that. As a patient I'd like to be able to trust my GP AND trust that they are regulated effectively. Senior GPs coming out with comments like that don't help me with the latter.
Its a useful debate to have about what degree of access CQC should have to raw patient data and what they can do with it after. I'm glad Dr Hawking has raised it.
Assumptions about confidentialityendedupageek 74 weeks ago
There seems to be an assumption in some of the posts that we are moving from a position of well protected confidentiality towards something worse. However, my experience has been that not all GPs are, or have been, focussed on maintaining the confidentiality of their patient records.
Certainly in my local practice growing up, anyone in the practice, including the reception staff, was able to read any notes they chose. The receptionists knew everything about everyone's medical history and 'opting out' was impossible.
Then as a student, I had a part-time job working for a GP who was fed-up not being able to read his patients' notes. He employed me for a few hours a week to reorganise all the 'Lloyd George' envelopes and re-write any notes that were illegible. I read every set of patient notes in the practice and I doubt very much whether any of those patients were able to opt out either.
Obviously these are just anecdotal examples, but if I can come up with 2 such examples just from personal experience, I suspect there are others out there.
I'm not suggesting that this is any reason to relax our vigilance on confidentiality going forward. Just that it might be a simplification of the picture to suggest that under the care of GPs confidentiality is assured, whereas when other agencies get involved confidentiality might be compromised.
Re-visit Ross Anderson - and 1996Mary Hawking 74 weeks ago
Ross Anderson, in 1996, pointed out that there was a difference between the receptionists in a single practice having access to the records in that practice, and all the GP receptionists in the whole country having access to all the records of all the patients in the whole of the country
http://www.cl.cam.ac.uk/~rja14/policy11/policy11.html (you can download it as a PDF)
The situation is different - so the security model also needs to be diferent when dealing with electronic records..
CQC confidentialityhelliewm 74 weeks ago
Dr Paul Cundy lobbied succesfully for the Health Bill to still adhere to the DPA, Common Law of Confidentiality and Human Rights Act so therefore patients still presumably have the right to opt out. I seem to remember looking at the CGC a while back and it telling you to contact your health care provider if you wished to opt out. I am sure the Waybackmachine internet archive web site must have that statement somewhere.
More generally I am sure in 10-15 years time we shall reach the stage where records are not accurrate for research/audit purposes as patients start to withold information due to lack of confidentiality.
Is there a conflict between different laws?Mary Hawking 74 weeks ago
While I agree that we are all governed by the Law, is there a danger of the various laws becoming like the old joke about Standards?
"I love Standards - there are so many to choose from!"
The law establishing the CQC - and giving it powers to regulate general practice - gives it the power to inspect personal records - including patient records: all I was trying to establish is how the CQC intended to use that power, what policies and safeguards were being put in place, whether patient consent would be involved, and what would happen to the information gathered from individual patient records which would presumably have to be retained for the purposes of the report on the inspection of the GP practice.
If my questions have focused attention on the need for this to be established and published (especially the issues of whether individual patients need to consent or have the ability to refuse consent and the retention/disposal regimes) then I feel that something has been acheived.
As I said, one of the problems is that evidence of discussions about treatment will be buried in free text in numerous consultations - and may not have been recorded in a form open to easy interpretation by inspectors of any sort.
The usual response to conflicts in laws is that this will have to wait for a test case.
I am anxious not to be involved - and I suspect most people share this anxiety!
"that trumps the law" - Ridiculous!nicksamuel 74 weeks ago
Whatever the rights and wrongs of CQC access to individual patient records, statements like the above are ridiculous. This country is governed by the rule of law and if the law says that CQC inspectors can have access then nothing 'trumps' this unless it has a stronger, legal basis.
If the BMA know of a stronger, legal basis, then they should challenge these CQC powers in court to prove it. If this fails, then, these new powers will 'trump' GPs' wish to prevent detailed viewing of an individual patient's record.
If this challenge is not carried out, this argument will grumble on for years %u213 like that connected with the SCR.
Also, please keep prejudice out of the argument. "The sort of people doing the inspections don%u219t have the background or expertise to understand these issues". Presumably Dr Paul Cundy believes that this is part of the recruitment criteria for CQC inspectors.
"That trumps the law"daryl.mullen 74 weeks ago
The problem is that there is already on the statute book laws stating that data held cannot be used for secondary purposes unless the data subject gives their explicit consent.
This isn't drs being awkard but trying to navigate between very powerful organisations that have the potential to professionally ruin us
"drs . . . trying to navigate between very powerful organisations"nicksamuel 74 weeks ago
A good basis for a legal challenge, then. The courts need to sort this out not doctors. "If this challenge is not carried out, this argument will grumble on for years."
Confidentialitydaryl.mullen 74 weeks ago
Non medical managers need to remember that all doctors on graduation swear an oath. One of the central tenants of that oath is that what we are told by our patients is absolutely confidential.
Expecting doctors to dismiss this oath simply to smooth the way for regulators is asking a bit much.
Patients who wish to opt out?helliewm 74 weeks ago
What about patients who wish to opt out of their records used for CGC purposes? If I wrote a letter opting out to go into my records would that letter be honoured by CGC? Additionally what is the legal position regarding patients who wish to opt out?