The Information Governance Review report led by Dame Fiona Caldicott, published today, called for patients to be able to see an ‘audit trail’ of everyone who has accessed their personal confidential data via their health and social care records.
BMA leaders backed a warning in the report that although confidential information could be shared for appropriate clinical reasons, such as in discharge letters, whole records should only be shared with patients' consent.
BMA medical ethics committee chairman Dr Tony Calland said: 'We are very pleased that there is a commitment to respecting patients’ objections to confidential data being shared as this is something the BMA has worked hard to reach agreement on. Confidentiality is the cornerstone of the doctor/patient partnership and we must do all we can to safeguard it.'
The review said although it was only asked to consider issues in England, ‘there is much in our report which should prove useful in all the jurisdictions of the UK’.
It also called for frontline staff to share confidential information more widely to aid patient care.
By 2015, GP practices in England will have to let patients book and cancel appointments, order repeat prescriptions and communicate with their practice online, as well as offering online access to records and test results.
Now the review has called for all health and social care to follow suit and allow patient access to records within the next decade. ‘This will not automatically happen unless there is a clear plan for implementation,’ it said.
‘People’s lack of access to their records under the present system is causing great frustration. People are being told they have a choice of services, but their choice is constrained if they do not have the facts about themselves.’
A ‘culture of anxiety permeates the health and social care sector’ when it comes to sharing information, the report said.
‘Managers, who are fearful that their organisations may be fined for breaching data protection laws, are inclined to set unduly restrictive rules for information governance. Front-line professionals, who are fearful of breaking those rules, do not co-operate with each other as much as they would like by sharing information in the interests of patients and service users. There is also a lack of trust between the NHS and local authorities and between public and private providers due to perceived and actual differences in information governance practice. This state of affairs is profoundly unsatisfactory and needs to change.’
There were 186 ‘serious data breaches’ reported to the DH in the year leading up to the end of June 2012, the report revealed. It said many of the breaches were reported by strategic health authorities ‘and not through the Information Commissioner’s Office, which has the power to impose financial penalties up to £500,000’.
The review called on the DH to develop and implement a standard template that all health and social care organisations can use when creating data sharing arrangements.
A DH spokesman was unavailable to comment.