Records, Computers and Electronic Health Record

A medical record in paper or electronic format provides a written account of a patient's medical history, containing information about diagnosis, treatment, chronological progress notes and discharge recommendations.¹ A whole raft of legislation, standards and guidance on what has become known as 'Information Governance' has been produced in the last few years to cover issues of access, confidentiality and disclosure.

The following are the main pieces of legislation covering the creation, storage, and sharing of health information

• Common law duty of confidence - confidential patient information may only be disclosed:
  • with a patient's consent or
  • where it is required or permitted by law (statutory instrument or Court Order), or
  • where the public good achieved by disclosure outweighs the individual's right to confidentiality
  A range of bodies, including the Healthcare Commission, the Audit Commission and Primary Care Trusts has statutory powers that can require disclosure of information.²
• Computer Misuse Act 1990- identifies a range of offences relating to unauthorised access to or unauthorised modification of computer records.³ This act may apply where an unauthorised third party accesses information being transferred. Enforcement is difficult, prosecutions uncommon, but may be relevant where systems are used other than by authorised staff for approved purposes.
• Access to Health Records Act 1990 - provides qualified right of access of a deceased individual where the person seeking access has an interest in the estate of the deceased. Only applies to records created after 1st November 1991.⁴
• The Data Protection Act 1998 - eight principles which define the conditions under which processing (including recording, storage, manipulation and transmission) of personal data can be determined to be legally acceptable. There is a special section in the Act addressing the sensitive nature of health information and the needs of health professionals to communicate that information between themselves. The Act gives patients rights of access to their medical records and applies to electronic and paper-based record systems. The Act requires that patients are made aware of who will see their personal data and for what purpose. It does not prevent clinical data from being shared for NHS purposes, but may require other uses to obtain explicit consent from patients (e.g. to investigate fraud).⁵ The eight principles state that information should be:
  • fairly and lawfully processed
  • processed for limited purposes
  • adequate, relevant and not excessive
  • accurate
  • not kept for longer than is necessary
  • processed in line with subjects' rights
  • secure
  • not transferred to countries without adequate protection
• Freedom of Information Act 2000 - gives a general right of public access to all types of recorded information held by public authorities (including GP Practices), sets out exemptions from that general right, and places a number of obligations on public authorities.⁶ A response to a request for information must be made within 20 working days. From a GP perspective, this Act is intended to cover general information held by the practice, not personal health information which is covered by other legislation (e.g. the Data Protection Act). It is important to get this right. If in doubt, contact your defence organisation. The Information Commissioner's Office can also be very helpful (see website link below).
• The Health and Social Care Act 2001 (and subsequent amendments) - conveys powers to the Secretary of State for Health (in England and Wales) to make regulations to enable or require the release of patient information where disclosures would otherwise be restricted by the common law.⁷ This is a wide-ranging act but, concerning information, it mainly relates to processing patient information for the diagnosis and treatment of cancer, the recognition, control and prevention of communicable diseases or other risks to public health.
• Electronic Communications Act 2000 - allows for the creation and transmission of prescriptions by electronic means in cases where specified conditions are met.⁸
• Human Rights Act 1998 - based on the European Convention of Human Rights. Of the 15 articles, the most relevant for GPs is Article 8 which provides a right to respect for privacy that can only be set aside in accordance with the law when considered necessary in a democratic state. The Government advises that this right is respected fully where there is compliance with the Data Protection Act 1998 and the Common Law duty of confidence.⁹
• The GMS, PMS and APMS Regulations and Directions 2004 - include provisions relating to patient records, the confidentiality of personal data, rights of access to, and the provision of patient and practice information held by contractors.¹⁰ The Regulations provide Primary Care Organisations (PCOs) with the power to require patient, and other, information to be provided by practices where this is necessary in order for them to discharge their responsibilities. These Regulations override common law confidentiality but for GMS contracts the use of these powers must be governed by a Code of Practice. PCOs will be expected to follow the same code for PMS practices. The Code aims to ensure that the powers are invoked only where strictly necessary and that anonymised data is used wherever practicable. Useful guidance on the sharing of information with PCTs has been produced by the BMA.¹¹
• Mental Capacity Act 2005 - this was enacted in 2007. It is relevant in situations where a patient who lacks mental health capacity has not appointed a representative with lasting power of attorney. In such circumstances, a senior health professional has the power to act in the patient's best interests, and this may include the sharing of information.¹²
• The Access to Medical Reports Act 1988 - this allows patients to see medical reports about them, for employment or insurance purposes, written by the doctor with whom they normally have a patient/doctor relationship. They may see the report before it is supplied or for up to six months afterwards. Access to the report may be denied in two circumstances - if the reporting doctor feels that it contains information which may cause serious mental or physical harm to the patient, or if it contains information from a third party who has not given consent to disclosure. If they disagree with any part of the report they may withdraw consent for it to be supplied, ask for agreed inaccuracies to be altered, or require that a note is added outlining the differences between their view and that of the reporting doctor.¹³
• The Terrorism Act 2000 - Section 19 of this Act places a statutory obligation on health professionals to disclose relevant personal health information where they believe an offence under the Act has been committed. Furthermore, if information is disclosed to the Serious Organised Crime Agency under this guidance, disclosure is exempt from any obligations of confidentiality under Section 34 of the Serious Organised Crime and Police Act 2005.¹⁴

The facility to record clinical information exclusively on computer became lawful in October 2000. This raised new areas of clinical risk. See also records on Clinical Negligence and the Electronic Patient Record and Paperless Medical Enterprises

The world of information security is a complex and fast-changing one, and most standards apply to the NHS as a whole, or to individual computer suppliers. However, GPs may need to familiarise themselves with the terminology, particularly as practice-based commissioning develops. The main standards are:

• ISO/IEC 27002¹⁵ provides guidance on best practices in information security management to ensure compliance with the current information security regulations.
• IEC 61508¹⁶ sets out the requirements for ensuring that systems are designed, implemented, operated and maintained to provide the required safety integrity level. It sets out basic technical safety requirements with which computer suppliers are expected to comply.

• Informed Consent - the gold standard for the disclosure of information is informed consent, unless there are clear legal reasons why this should be overridden (such as the Mental Capacity Act). The policy endorsed by all relevant bodies is that where information sharing is part of the care process and patients are made aware of the option to refuse disclosure, consent may be implied. In all other cases, specific and expressed consent must be sought. Care must be taken not to disclose information about third parties, and an electronic record must be kept about any disclosure. Where patients lack capacity, and also in children, guidance should be sought before disclosure (e.g. from the PCT, medical defence organisation, BMA or publications below).
• Anonymisation and pseudoanonymisation - data are not confidential if the individual cannot be identified directly or through linkage with other data. Ethical and policy restrictions still exist, e.g. research guidelines. There are two categories of anonymisation:
  • anonymised (unlinked) stripped of any elements that would allow identification of individuals
  • pseudo-anonymised (linked) - individual records could be identified by authorised personnel
  Data may be treated as anonymised and there is no common law requirement to seek consent for their use. Processing must still comply with requirements of the Data Protection Act. Wherever possible, use anonymised data.
• Data ownership - the move towards an integrated health record (see below) renders irrelevant the long-mooted discussion about who 'owns' a patient's health record. As one of several 'data controllers' GPs will have to decide whether requests to access information about their patients ('data subjects') is valid and safe, and whether consent is required. Issues surrounding confidentiality of integrated records are covered by the NHS Care Record Guarantee.
• Research - no data should be disclosed without the approval of the relevant patients, clinicians and research ethical committee(s). Extraction of patient-identifiable data, other than for routine care, should only occur, with the knowledge and informed consent of the guardian of the record (e.g. the GP), following approval from a Research Ethics Committee and responsible PCO, and should either be with the informed consent of the patient, or be approved by the Secretary of State. See Good Practice Guidelines for General Practice Electronic Patient Records for further information.¹

The growing availability of scanners has led an increasing number of practices to consider 'going paperless'. In reality, many practices still use a modicum of manual data recording systems. For medicolegal purposes, practices that wish to become exclusively paperless need to obtain accreditation from their PCO. PCOs and LMCs have been given the task of developing local accreditation procedures, but most base their criteria on the Good Practice Guidelines for Electronic Records endorsed by the Department of Health, the GPC and the Royal College of General Practitioners.
These guidelines suggest that for practices applying for accreditation:

• It should be possible to download demographic information into the clinical system
• Data should be record in a manner that is complete, accurate, relevant, accessible and timely.
• All clinicians should participate in data recording and enter their own data directly into the clinical system, including that from home visits.
• The practice should consider what data is not recorded at all (or not consistently) on computer by some or all clinicians.
• Data from other primary health care team (PHCT) members, such as community and practice nurses, locums and registrars should be captured.
• Data from new patients should be captured on the system.
• Protocols of care and/or diagnostic criteria (where available) should be used consistently and made acceptable to the practice as a whole.
• The individuals who will design, develop and implement templates or protocols should be identified.
• Data from external providers (e.g. hospital discharge letters, pathology and radiology results), should be captured.
• A protocol for managing system failure should be established.
• Data quality should be monitored.
• Training for general practitioners and other practice staff involved in data capture should be considered.
• A practice IT lead should be identified.
• A baseline assessment should be carried out to enable the practice to understand what changes need to be made.

Entering information via Read coding rather than free text has revolutionised the ability of practices to search and audit their data. Whilst adequate for primary care, the Read code system does have its limitations in the wider environment of the integrated care record, and SNOMED CT (Systemised Nomenclature of Medicine) has been selected as the standard terminology scheme for the National Programme for IT (NPfIT, see below) The rights to the production, distribution and development of SNOMED was acquired by International Health Terminology Standards Development Organisation (IHTSDO) in April 2007.¹⁸ NHS Connecting for Health (NHS CFH) will act as the host organisation of the IHTSDO, and the centre responsible for UK activities will be known as the UK Terminology Centre (UKTC).¹⁹

The Government's vision is to establish, through its agency Connecting for Health an NHS information technology system which will be able to communicate within itself (e.g. transfer of information between GPs, the hospital sector and community services), with external agencies such as social services, and with health services globally. Accountability for delivery of this project was passed to strategic health authorities in April 2007.²⁰

A new system of funding for GP computers has been instituted called the GP Systems of choice program (GPSoc). This will encourage system suppliers to develop software which is compatible with the local service provide (LSP) care record. The means of ensuring this compliance is called the Common Assurance Process (CAP).²¹
To deliver the objectives, several components need to be in place, the most significant of which are:

• N3 - the National Network, which replaces the private NHS communications network NHS net. A migration program has been pursued since 2005, and by January 2007 over 18,000 sites had been connected.²²
• GP2GP - a project to enable the transfer of the electronic component of a GP patient health record to a new practice when a patient registers with a new practice for primary healthcare. More than 2000 practices are now using the software.²³
• NHS Care Records Service - aims to develop individual electronic record for every patient in England, securely accessible by the patient and selectively available to those providing care. This is an ongoing piece of work which involves input from a wide range of clinicians.²⁴ An Early Adopter Program, using summary care records, started in April 2007, and will be gradually rolled out over the next few years. The date for implementing the full program is 2010.
• Choose and Book - allows GPs and other members of the primary healthcare team to make initial hospital or clinic outpatient appointments. If preferred, patients can make their appointment later - after consulting with family carers or colleagues - either on-line or through a telephone booking service. The Choose and Book website states that all NHS hospitals are now using Choose and Book, along with 88 per cent of all GP practices in England. Approximately 15,070 referrals are made every day through the service, representing 45 per cent of total NHS referral activity from GP surgeries to specialist care. As of November 2007 over five million referrals have been made by this route. Choose and Book has not been without its critics. With lack of certainty about the funding for general practice implementation in 2008, a shadow must hang over the future of the project as a whole.²⁵
• Electronic Prescription Service - enables electronic transfer of prescriptions from primary care prescribers to dispensers in England. Objective is that every GP surgery (for use by the GPs, nurses and other prescribers working from the surgery), community pharmacy and other dispensers will have access to the service by 2007. Release 2 is currently being rolled out to some PCOs. This will enable paperless transfer of prescription information from GP practice to pharmacist, and will cover all necessary drugs.²⁶
• The NHS Spine - the national database of key information about a patient's health and care, forms the core of the NHS Care Records Service. Detailed information will be held at local level, but minimum data set to be held at national level will include NHS number, date of birth, name and address, allergies, adverse drug reactions, major treatments (the Care Record Summary).²⁷ This project has also had its fair share of criticism, focussing particularly on concerns about the confidentiality of the information held.²⁸

The rate of delivery of NPfIT will depend upon the availability of resources, changes in Government policy, and technological advance which may send the programme off in an entirely different direction. Optimists feel that all the objectives are on target. Pessimists say that the scale of the project is too ambitious and that it will never be fully achieved.