Healthcare staff will be able to inappropriately access patient care records simply by claiming to have their consent, it has emerged. And those who abuse the system could only be tracked down by the active pursuit of trust privacy officers.
NHS Connecting for Health (CfH) said last week that the summary care record system was adopting a 'consent to view' model, meaning clinicians ask patients' permission before viewing their records.
Officials say the change means doctors will only be able to view records without consent using an 'emergency' option, intended for when a patient is incapacitated. CfH says this will trigger an alert to a privacy officer, and doctors will be asked to justify using it.
Patient data will still be uploaded without explicit consent from GP records, but the move aims to address concerns by giving patients more control.
'I feel we've put to bed the practical issues around consent,' said Dr Gillian Braunold, clinical director for the record system.
But questions put to a CfH spokeswoman revealed there are still gaping holes.
She said that 'all accesses to records are recorded on an audit trail (and) the privacy officer can request to see these audit trails at any time.'
But she could not name any measures that would stop clinicians falsely claiming to have patient consent. Nor could she guarantee that all uses of the 'emergency' option would result in an audit.
Questions remain about Dr Braunold's claim that the issue has been settled. She told a press conference that the BMA, GMC, RCN and medical defence unions had all signed up to the new model. But GPC chairman Dr Laurence Buckman said: 'The BMA is only fully onside when the BMA council says it is.'
Comment below and tell us what you think