back to article Computer boffin on NHS Spine: Get out while you can

A leading computer scientist has sounded a warning over an NHS data collection plan, urging patients to opt out. The Summary Care Record (SCR) scheme will make outlines of medical records available to hundreds of thousands of NHS staff in England. The idea is to provide doctors and nurses in England with easier access to …


This topic is closed for new posts.
  1. Anonymous Coward


    On one hand, I am concerned about abuses of the system.

    But on the other hand , other members of my family have needed medical attention that didn't start with the GP's involvement in which case rapid access to useful basics* by out-of-hours service/A&E makes sense.

    The notifications that an SRC is in the offing for myself and my other half have recently come through.

    What's the best payoff between making useful medical information available and privacy concerns?

    *such as a summary of recent treatments, drugs prescribed

    1. BristolBachelor Gold badge


      I am a little confused. If you are not able to tell them about your recent treatments, drugs prescribed, how do they know who you are? Surely you have to tell them that, so that they can look you up (or does this fit in nicely with having everyone's fingerprints on record too?)

      If you now have to carry a card that gives them your serial number on their database, so that they can look you up, wouldn't a cheaper, less risky solution be to carry a card that gives all the info they may need? Doesn't require the database, communication links, computers, etc. Can be used by the medic treating you (paramedic, local doctor, hospital doctor, doctor that happened to be on the same plane, etc.)

      1. chris 130

        Unconscious patient?

        Heres your scenario, chest patient on holiday, unconscious.

        name in wallet - no medical history.


        Been there, still doing it.

        1. Anonymous Coward
          Anonymous Coward

          Forget it - that starts with the GP

          When I moved to another place in London I ended up with a huge debate with my "new" GP because the administrator insisted on storing my records under my first name + surname. The problem is that I have 3 first names and my MIDDLE one is the calling name.

          In other words, I am Mr A B C Surname, and I go through life on credit cards and letters and bank accounts (etc etc) and B Surname. And my previous GP records were under that name.

          But that was not a persuasive enough argument, so she stored it all under A Surname.

          In the end I got so fed up that I had an acceptance of liability drawn up, and sent if by registered post with a formal warning of the deficiency. That *finally* got me talking to someone with a working brain (scary legal documents work). I explained they had two options: either store me as "B Surname" so when I was brought in unconscious they stood a chance of pulling my record with relevant allergies, or signing the acceptance of liability. As they had now been formally warned the liability was already theirs, so the choice of handling it was entirely up to them.

          After 2 weeks I was refiled as "B Surname", which then aligned with all other hospital records out there.

          I have come across nurses and doctors that do hours I couldn't call anything but heroic, and they too spend part of their time fighting the funds consuming admin monster. In dealing with NHS management and admin I have often felt that active euthanasia may be worth considering. Quite a few of them are the superbug in the system: hard to eradicate and positively lethal.

        2. max allan

          Name = John Smith

          So, you know you've got patient John Smith on the table, no idea where he lives or his age, so from all the John Smiths in the country, you can at least determine that he is allergic to everything, currently taking everything (even though he is allergic to it) and has recently been diagnosed with everything.

          So, the name has been precisely no use at all.

          Of course, if he's clever enough to have his name and address you could probably take an educated guess about his nearest GP and maybe phone them up and say "not too many details but if I give this chap an injection of xxx will it kill him"

          But if he's going to the trouble of keeping his name and address with him, he could probably keep his allergy/prescription/illness list there too, just in case.

          Of course, if he's on holiday and foreign, he won't be in the system anyway.

        3. BristolBachelor Gold badge

          Name in wallet

          Yeah, I have my name in my wallet, but given that there are FOUR people with exactly the same name as me just in my company, I shudder to think how many there would be on the whole NHS spine. So I say again, you would need a card with *your* unique patient number on it. And it would only be of use to someone with access to a terminal that can access the spine. And was in the UK.

          Whereas a card that says "Diabetic", or what medication you take would be of help to *any* medical professional, in *any* country. And could be of use in the hour (or more) that it may take to get you to a hospital where they can look you up.

          All without the costs and problems of a huge online database of everyone, with medical "professionals" looking you up "out of curiosity".

  2. n3rt

    Echoes my GP

    I opted out of the Spine programme years ago, but despite this my GP has warned me not to ignore the letter which /should/ be sent to all of us regarding this.

    Even those who have opted out will still be included unless they complete the form and let them know.

    In his words, "it's an NHS IT project. Stay very well clear."

    1. Matt2012

      GPs half the problem

      I worked in the NHS when this project was just starting (yes 10 years ago)

      In my experience Dr's are half the reason it has taken so long and will probably fail. They currently exert enormous power not just clinically but in anything the NHS or government wants to do with the NHS. Most but not all see anything new as a threat and an opportunity to show that they have the power to prevent it. They are infamous for writing clinical notes no one can read. The other side of this project will be the ability to access your records in a readable form.

      Its crazy that we cant have a simple on-line medical account like we have bank accounts.

      Yes there are issues about data security demonstrated by the governments ineptitude. However this is not so difficult to solve. Audit all access - share all access with patient (immediate email notification) - sack any unjustified access.

  3. Anonymous Coward

    I opted out

    the second I could ... and found it telling when I handed my form in at the surgery that all the staff there had too.

    What frightens me about the YouTube/Facebook/Twitter generation is there complete lack of understanding of teh permanance of digital records. Although a self-google for me will dug up a reference to my Poly days of 1987 (when I got involved in the KERMIT project), all it shows are work-related references. Anything non-work, I use well crafted and separated aliases for.

    Does anyone remember when Eastenders started ? There was a storyarc about Nasty Nick breaking into the docs, and getting the medical records for Kath, who'd had a secret abortion when she was 16, and never told her husband. IIRC Nasty Nick then blackmailed Kath ....

    So if you want your spouse, or boss to find out your most intimate medical secrets (bearing in mind doctors might make their observations in notes too) then go ahead. But don't be surprised when they get added to your Facebook account for the world to see.

  4. Anonymous Coward
    Anonymous Coward

    biggest red herring ever

    The drug allergy is the biggest red herring known to man kind, even bigger then terrorism. What kind of idiot believes for a second that this database will be more useful then the tags that exist at the moment?

    When a paramedic arrives they check to see if you have a tag if not they get on with business, if you do they do things differently. What kind of dribbling idiot thinks that the paramedic will have time to search you, find your ID card, look you up in the system, find out which person with your name you arem, read your allergy details, and then get on with business?

    If you're that astronomically stupid, consider killing yourself now, you are only reducing the overall quality of the human species.

    1. Anonymous Coward


      Have you ever been (Concious) in an ambulance recently?

      They take your details, and transfer them to the hospital (usually) where your details, allergies, ect, would be picked up from the spine for your arrival.

      Least that's the theory.

  5. Ant Evans

    Information orthopaedics

    I don't want evil doctors knowing private stuff about me. I'd rather they just took a punt on the basis of a 6 minute consultation. If they really want the info, make them work for it, and then send them a random pile of old photocopies. Ha ha ha!

    1. chris 130

      Please don't come to our Hospital

      You're the sort of punter that scares the crap out of us professionals

      and the idiot who sues after a problem occurs.

      Seen it done it.

      1. Anonymous Coward

        @chris 130 "Please don't come to our Hospital"

        "Please don't come to our Hospital". Indeed - I'll try not to. Which one is it?

        I don't want to land up in a hospital where staff display the contempt for patients that you have.

        Apparently, medical lawsuits are never justified, and anyone who sues is an "idiot".

        No - don't limit malpractice suits. Limit malpractice.

        SCR online? Good idea in theory. More value for some patients than others.

  6. Juillen 1

    Choose the right battle...

    The spine, in its overarching aim, is a good thing. If you have multiple medical issues that need to be taken into consideration, then being able to access the full record from another hospital is a really useful thing. Any system is open to abuse, and should be tracked carefully to make sure any abuse is handled very firmly indeed. I'd assume the 'guilty' doctor mentioned in the story is no longer a doctor.

    Viewing of records should be based on admission to that hospital, or previous treatment of a person (or someone in that dependancy chain allowing access based on a 'referral' for an extra opinion). If you're not treating the patient, the hospital isn't treating the patient, and you've not been asked for an opinion, you have no business poking round in the record. Easy enough, but considering the amount of screwups they've made with the data model and apps, getting simple stuff right isn't really expected.

    The idea, though a good one (and the NHS has been pondering this longer than the politicians) is fundamentally flawed in its execution (foisted on the NHS by politicians who don't really understand how it works, and led by a guy who had to have his mother get Princess Anne to intervene on his behalf to allow him to retake his degree finals due to failing pretty badly!).

    The project really needs to go back to the drawing board, forget all the attempts at a "fast win" (I believe it was all intended to be in and working inside a year or two, so Tony Blair could look good), and build it to be scalable, secure and actually help the clinical processes, rather than getting in their way. It really does show all the signs of being a "Pen Pusher's" system. Ticks all the boxes for getting figures in, done in an obtuse fasion, and doubles the workload on clinical departments.

  7. Anonymous Coward
    Anonymous Coward

    Perhaps paradoxically

    To me this points to the need for a better ID handling system. Not ID cards or more databases, mind, but a better idea of what identity entails, and a legal and technical system to help handling that. Imagine this:

    A system that goves you a way to prove not so much your identity but your entitlement and/or trustworthyness for a great many things (old enough to drink, elegible for a loan, etc.) without giving your entire identity away with it. So that you have multiple "boxes" or "folders" attached (some with medical information, others with financial information, and so on) to that master identity over which you have full control and a way to give some access to others who have proven their elegiiblity for that access to you. So you can give your GP access to your medical records, held on a card and/or locked up (encrypted) safely somewhere. Maybe there's an override key for emergency medical personel with appropriate logging and justification afterward (and stiff penalties if unjustified). Could do the same for judicial purposes, requiring a (digitally signed) judge's order to unlock specific parts to justice. I'm sure you can come up with more things to do with a system that doesn't lay your entire legal balls on the anvil of scrutiny each time you do anything, but instead lets you state "look, I have permission to do this, here's the proof" without giving away too much information.

    But notice how this is an approach completely different from, indeed completely alien to, what the government (and not just this government) is calling "identity" at this moment. This is easy to see, because the government isn't aiming to empower its citizens. Carry on government.

  8. Christoph

    Very very slanted letter

    I had the letter. Pages of bumf telling me how wonderful it was, no warnings at all. A multi-page booklet on all the wonderful things it could do. A form to send off for more information.

    And if you want to opt out? Well, it did get mentioned. But there's no form for that, and it's not one of the options you can send off for. To opt out you have to go to a web page or phone a number.

    So I download the pdf from the web page. A three page document. Two and a half pages of telling me how wonderful the system is and how I shouldn't opt out, and a half-page opt-out form to send to my doctor.

    And all that was on that form were standard identification details, and a signature and date.

    It would have been no problem whatsoever to include that form with all the pages of other stuff. But then of course people might have seen it and used it - they might actually have made their own choice instead of being bulldozed by our 'democratic' masters.

    Even if I hadn't previously intended to opt out, that form would have made up my mind for me. It makes it perfectly clear that their claims and promises are nothing more than standard NuLab lying in their teeth.

  9. Anonymous Coward


    Where I work (which is somewhere very close to this) the Spine and the SCR are two different things, albeit contributing to the overall objectives of the "NHS IT project".

    Let's be honest, the one time that having this saves your life you will all be the biggest advcates of the system. After all, anything "on a super-computer" will never be as secure or reliable as medical records hand written (illegably) on bits of paper, stored in an open plan office and sent through the mail if you change GP. Will it? I, for one, would be happy if my medical data was available to those that needed it when I needed it to be.

    Insert your own joke here.

    1. chris 130

      SCR runs over the spine

      Which shows the report authors ignorance of the subject.

      but then the real professionals already know this.

      1. Steven Perez

        Uh yes it does ...

        Ignorance would appear to abound.

        BT says it does.

  10. Anonymous Coward
    Anonymous Coward

    Just got the bumph in the post

    There's lots of stuff about the benefits, but the only way to opt out appears to be to make an appointment with your GP.

    Well good luck with that around here. The only way of getting an appointment is to call at 08:15 (not 08:14 because the place is closed) and absolutely no later than 08:16 (because all of the places will be filled). Then, after being queued for ten minutes you have to satisfy the receptionist that you are suffering from something suitably serious to warrant an appointment, but not so serious that you should be at A&E. I'm pretty sure something along the line of 'I want to get off the spine' will be considered somewhat lower on the range of conditions than 'I cracked a nail.'

  11. Anonymous Coward

    I know! I know! We can solve this problem with

    paired two factor authentication! Both you and your doc have to insert your RSA key into a computer with an SSL tunnel to the database, and then each of you will be prompted to enter a PIN before the doc can access your medical records.

    1. chris 130

      and when you are unconscious?

      Good idea but flawed by reality

      1. steve 44
        Paris Hilton

        See that joke alert sign?

        Can you guess what it means?

  12. Anonymous Coward

    Local Councils

    It bet it won't be long before this information is made freely available to the plethora of retards that work in any local council department (as part as of this Government's obsession with data sharing).

    Just like RIPA, and other Anti-Terrorism provisions that were initially meant to be very restricted but ended up being made available to Local Councils, it wouldn't surprise me if further down the line Councils ended up getting added to an ever growing collection of institutions who "need" access to this database for some specious reason (such as child protection, prevention of terrorism or perhaps excess rubbish in wheelie bins).

  13. oldcodger

    If only the data was correct!


    By a fluke, a couple of years ago, it became apparent to my wife and I that our local health centre's, (surgery), on-line records contained errors.

    After a great deal of obfuscation, we were allowed to sit down with the practice manager and review ALL the entries in our records. There were 12 major errors in my wife's records and 15 in mine. I am talking MAJOR errors. The worst errors were that some other patients' conditions and treatments had been entered against my wife name. There were also hospital diagnosis sent as paper reports, that had never been entered. (Data missing, e.g. I was short of one cataract correction operation, a arithyscopy (sp), and an internal ultrasound). On the magic summary sheet, my acute glaucoma had been entered as "CURED" , a medical miracle. My wife was credited with a knee operation I had undergone! and so on and on and on!

    When I asked how the data entry was checked, I got a blank look from the practice manager, "Look" she said, pointing out the code of the data entry person, "this was entered by out best data entry person, a retired midwife", "Great" I said, "what is her % accuracy in keying tests?, how is the entry checked? "

    Guess what ! The data entry is never checked! The practice manager then proceeded to tell me her practice data records were very good, and that many patients moving to her practice had records from other heath centres that were really bad.

    Needless to say, my wife and I both opted out of the scheme the next day. Unfortunately it doesn't seem to have been successful, as periodically we get queries to take part in surveys, the information for which can only have come from our online medical records

    Oh, and BTW, my wife's potentially fatal allergy to penicillin was not on her record, despite her telling every doctor she ever saw at the surgery, never to prescribe penicillin as an antibiotic.

    IT in the NHS sucks big time!



    1. chris 130

      Wear an alert bracelet

      Obvious is it not

      and yes - we do read them!

      I assume she has done the most obvious thing on the planet to date?

      1. Intractable Potsherd

        @ Chris 130

        You are a very rude person. You shold apologise to the the OP for expressing objective evidence of the piss-poor performance of health care "professionals" in maintaining records.

        I don't know what branch of the health service you work in, but you are rather a disgrace to it if this is your attitude. It is not for you to decide what level of risk individual patients accept, it is for the individual. Your opinion on that aspect of this discussion carries no more weight in this discussion than anyone else's.

  14. grumbles

    what about the secondary use of all these records

    When this was explained to me a few years back that this was going ahead, I immediately requested my details to be opted out.

    My biggest scare was that I had inside access and "tested" a system to see how well the security was implemented.

    I was able to do a search for people with same forename and surname across the country, and get all their d.o.b, address and nhs number and then do a print screen.

    None of this was recorded or audited, and when I took this information to someone in authority i was informed the auditing starts once a name has been selected.

    This is just plain wrong, and makes it easy for anyone to obtain the address details of anyone in the country.

  15. Anonymous Coward

    Stay well clear

    Just remember people, those that have access only need a swipe card. The systems that access the records are basically front ends to an access database and we all know how secure that is. Right click -> Export... Sell to the insurance companies. NUFF SAID.

    Most Gp's surgeries quite happily faxed us all the medical details of those critically ill patients that needed swine flu jabs. You think they give a cahoots about security. One practice manager because she can't click on the little X in the top right, presses the OFF button to restart at the front screen. So instabillity of the system is rife

    THESE are the people that will have access.

    Don't be stupid. OPT OUT.

    The whole thing is only as good as it's weakest link, that weakest link for an everage GP is the spotty work experience receptionist (or brown shirt card carrying mini hitler) that either likes or doesn't like you and has full power over your medical records. AND who likes to gossip.

    Oh and due to PCT cutbacks most of these projects are being slated locally, so more work, less people and far less than is needed for full training and integration. Don't expect it to be bug free. If the Flu line and 4 Databases are anything to go by, you can bet this will be buggy and riddled with problems.

    Anon because you know where I work and in what department.

    1. chris 130


      And I actually do know, no urban myths please.

    2. Anonymous Coward

      chris 130 beat me to it

      "Just remember people, those that have access only need a swipe card. The systems that access the records are basically front ends to an access database"

      Crap, crap, crap.

      Access to the SCR involves a lot more than just a swipe card. You need a smartcard, a PIN, AND you need to have a legitimate relationship with the patient; this is recorded separately. If you can over-ride that and claim a relationship, it WILL raise an alert.

      If you want to nick medical records, you're far more likely to strike gold by putting a white coat on, wandering into a hosptial and doing a little social engineering.

      You are Aaron Kempf AICMFP

  16. Anonymous Coward

    Get your Fax right

    Current standard practice is they use the Fax. Not sure about anyone else but I'd rather my medical records were delivered to the right person at a secure terminal accessed by a smart card. At least any wrong doing then would be auditable.

    Rather this than it being printed off by a receptionist at my local GP and fed into a fax machine hoping that who ever finds it at the far end gives it to the right person who then keeps it securely before shreading it the minute it is no longer needed.

    1. chris 130
      Thumb Up

      Genius comment

      You should record your name and receive the due praise you deserve.

      Its a bad system as it is.

      if the SCR is not quite right, these fools should be working to fix it; not run public scare stories.

  17. chris 130

    So, got a better idea? Fax? Idiot !

    At the moment staff have to use Fax over POTS

    and I've had stuff for A&E on our machine by mistake and the number is quite different, luckily we are NHS.

    But it shows how insecure and crap the Fax service is, plus someone has to be there at the other end and unclip notes to fax and it takes f-ing ages.

    The critical time for Streptokinase is 40 minutes

    (Thats the clot buster drug for strokes)

    Guess how many times we miss the target beacuase of a lack of info - it can't be given twice!

    Of course when you go on Holiday to Cornwall or in the case of the readership, Blackpool - there is an even more critical issue - they know nothing about you!

    So rather than digital dic-heads spouting through their asses about withholding data that is less harmful than the stuff insurance companies hold about you - he suggests what in place?

    The FAX

    Word of mouth over phone?


    The answer is to FIX the spine and it might help is no1 dick for brains put his efforts into that scenario instead.

    The difference here is - I actually know what I'm taking about as I'm on bothe sides of the problem. Clinical and Technical deployment

    1. oldcodger

      Whats the point if the data is rubbish?


      IF you could guarantee that the data recorded at the local surgery was accurate then I would agree with you.

      From our personal knowledge the data held on us was DANGEROUSLY WRONG. Passing that info to a remote trust would be like firing a gun into one's head

      I did some checking or the NHS "Paper thin" project specifications when all these problems arose.

      The specification for the project was absolute crap. For instance the spec for accuracy was "the data shall be accurate". No mention of testing, double entry or any verification.

      I found that there was a "diagnostic" to check the accuracy od data. When I looked at it in more detail all the diagnostic did was to check that the short form codes for the various illnesses and complaints matched a master list of codes. So the codes entered are logically correct, whether they apply to you or not is a moot point.

      There is NO check that what is on your database entry is either complete or correct

      The public are not even given the opportunity to routinely view the data or summary sheet for correctness.

      You can ask to see your record but you have to pay for the priviledge.

      I think it is 100% safer for an A&E to take a history on arrival, than to act on the garbage they will get from the online database.

      AND remember this is not a static database.... It may be correct today, but next week when the next batch of letters and reports from consultants arrive, is the data going to be added to the correct patients records, and will the data that is entered be correct?




      1. Dave Bell

        RFC 1149

        I don't know enough to comment on details, but I would agree that checking, and tracking, of data is bad. At least it's possible to build an all electronic system which keeps track of arriving messages. That fax from the path lab might be in a Doctor's in-tray, or it might not have arrived yet. Either way, it isn't by the fax machine.

        RFV 1149 specifies better tracking of data.

        My medical history, I want the medics in an emergency to be able to get the data.

        My medical histrory, I'm scared the data they get will be, in some hitherto insignificant way. wrong.

      2. Anonymous Coward

        RE: Whats the point if the data is rubbish?

        Wrong, wrong, wrong!

        Every patient visit to a hospital *should* result in a discharge summary, with one copy for hospital records, one for the patient and one for the patient's GP, providing several layers of screening for all data recorded about a patient.

        These summaries contain information about the patient with presenting complaints, treatments given along with doctors notes, drugs prescribed and TTO's (drugs taken home), or at least it is at the trust I write software for !

        In addition, these discharge summaries are provided to all parties in paper form and to the GP surgery electronically.

    2. David Neil

      Missing the point

      It's not the existence of SCR that people object to, it's the p'ss poor security that this project has.

      In my own case my son has multipe medical conditions, and our way of making sure he is treated properly when something goes wrong is to carry a copy of his discharge letter(s).

      A SCR will be a very big help, BUT, if there is no true audit trail for every use of the system, then who knows where hte data will end up.

  18. oldcodger

    @ chris130 Temper temper

    I am glad I have never had to present to you when I have been unwell.

    I have yet to read a sensible, rational comment from you, if you diagnose as poorly as you write then God help your patients.

    I am still waiting for you to explain to me how you can treat patients using the garbage that the local surgeries enter on their databases...

    What I have written is TRUE, not an urban myth or any other rubbishing phrase that you can think up to denigrate my wife or myself.

    BTW my wife does have an alert bracelet, always has had an alert bracelet ! But we are talking about databases not bracelets in this thread.



  19. AnonPost

    Do, or Do Not.

    I got a letter from my local health authority.

    To opt out, it gives an 0845 number, "rather than your GP Practice".

    It's accompanied by a leaflet that says, "please contact your GP".

    Are they confused?

    NHS Berkshire West letter:

    Accompanying leaflet:

  20. Anonymous Coward


    I'm contracting at a major healthcare provider at the moment, one that is very much into computerizing medical records, so take this in context.

    I find it fascinating that people on this string are more concerned about strangers finding out about their medical history than with doctors NOT finding out about their medical history.

    Seems like a no-brainer to me. Not to mention getting fed up with having to fill out both sides of a four page medical history form every time I visit a new medical practitioner.

    Those of you with aging parents ought to be wondering what dad is going to remember to tell the emergency room staff when mom falls unconscious on holiday, and due to his mild dementia he can't recall what medications she's currently on. Some day YOU may be 'mom' or 'dad'.

  21. Anonymous Coward
    Anonymous Coward

    The concept is sound

    But like every almost every single Government IT scheme, it has a few fatal flaws:

    - It was designed by idiots who didn't ever think to consult end users about what they wanted or needed.

    - The project was given to the lowest bidder/biggest brown envelope.

    - The scope of the project was changed multiple times during implementation for no reason, because the aforementioned idiots didn't think to specify properly.

    - It had no project management by the client (Government).

    - Therefore, it was late and overbudget, and probably doesn't meet anyone's real needs.

    On the other hand, this applies to most Government projects in most countries - it's not just the UK.

  22. Anonymous Coward

    Don't Overlook Detailed Care Records!

    There aren't just Summary Care Records - out of which you can opt - there are also Detailed Care Records, which you can't opt out of.

    There is the very real prospect that people will opt out of Summary Care Records, and think that they've opted out completely. Sometimes, it's almost as if the whole thing about Summary Care Records, and the option of opting out, is a trick. You can't opt out of Detailed Care Records.

  23. Anonymous Coward

    The concept is only sound...

    If the people in the surgery actually DO anything in the first place with the clinical data they receive.

    As oldcodger well said, the records can be horribly incomplete, and considering the clinical systems out there are hardly able to agree on several critical specifics without having their heads battered round them, it's not a surprise that clinical data ends up incomplete on the clinical system.

    Also, when surgeries are either inadequately trained in the systems they use (To a dangerous level, I would be as bold to say in some cases.) or just driven by the financial rewards for making sure the flavour of the year's data entry is complete "Did you get the *Obscure demographic here*? WONDERFUL! Have a point!" Yes, I know that things like ethnicity can be important for certain clinical diagnosis, but that's different.

    I think the reason that chris is being so blunt is that they feel obligated to have to defend this kludgy system. It can save lives, if deployed and employed correctly. The data is usually secure, though if someone was really determined, I'm sure they would find a way to intercept it regardless. I dunno, such as pretending to be a.. BT / PCT engineer for example, and they're there to "Check the phone lines" or some crap, and install something on the IT equipment to transmit / intercept. Extreme example, but still. At the end of the day, most GP's wouldn't notice another box and another flashy light in their server room/boxroom/small cluster of PC's hidden in a cupboard.

    But that's beyond the point. The risks are the same as if the details were kept on Paper Records, or in some proprietary database brewed up for the surgery's own use. If there is data anywhere, and it's in someone's greedy interests to try and get it, then someone will try.

    The point is to have the safety mechanisms in place to either minimise the risk, and if someone does access it, to track and audit so you are able to state exactly what happened, to improve the system, whilst still having something that's beneficial to use.

    I have to say, the THEORY of the NPfIT is great. The practice is that it's run by politicians that have no idea what's required of it, and then PCT's chip in who seem to be unable to find their backside with both hands or agree between two trusts that gravity, in fact, pulls things down to the ground.

    /rant. And AC for reasons.

  24. Rob 5

    what about people who are no longer registered with a GP

    Eg, those who got struck off in some PCT list cleaning exercise that went pear shaped, those who moved house within England, but never registered with a new GP, 'cos they weren't poorly or those who moved abroad, etc.

    What happens to all their info - do they even have an option of opting out?

  25. max allan

    Chip n Pin?

    Isn't UK payment chip&pin flawed and recently been some demonstrated attack? I seem to remember reading about it here on the Reg.

    Is that the same chip n pin that the spine is going to use for access? Or are they going for a more secure version?

  26. Displacement Activity

    Just opted out...

    Got the letters on Friday, downloaded and printed out the pdfs (x4), sending them off today. On my wife's instructions, and she's a GP.

    @oldcodger: yes, it's hard work computerising the records. The data isn't checked, because that would be twice as much work, and no-one's paying for it.

  27. Mary Hawking

    Missing the point(s)?

    There are a number of slightly different issues around the SCR, as far as I am concerned as a GP interested in Health Informatics, and the situation is complex.

    The recent outcry is partly due to a sudden decision at the end of February that DH/CfH will fund the sending out of the Patient Information (to every patient age 16 or older) **provided the information leaflets are sent out before the end of March**. The funding involved is considerable - so SHAs and PCTs would be accused of wasting resources if they did not seize the opportunity.

    The prohibition on including an opt-out form in the patient packs is an added reason for concern, as many PCTs had planned, is also causing concern.

    (there is a strong suspicion that the imminent election and possibility that an incoming government might stop the whole SCR has something to do with this unseemly haste)

    Then there is the content of the SCR: there does seem to be mission creep - and a very fast creep at that!

    Initially, the SCR would have resembled the Scottish ECR: medication and adverse reactions/allergies recorded in the GP record: then an enhanced SCR, where individual items were uploaded after consultation between patient and GP, and opt-out would only be after a face to face consultation with the GP.

    After it was pointed out that this would mean an additional 50 million GP consultations just to get the SCR established, the plans changed to a "consent to view" model (i.e. everyone would have a SCR but no-one would be allowed to look without explicit consent) and an enhancement program based on a template displayed in each participating GP surgery.

    I agree with Old Codger - there is absolutely no guarantee that the GP record will be complete and accurate - any more than there was when records were paper-based: the major problem is that information whether true or false - is very retrievable in electronic records.


    This causes a problem when data is shared between organisations as you just do not know how good the information is.

    Medication - particularly repeat medication - is likely to be accurate: allergies probably: then a declining order - especially if the event happened before EPRs or elsewhere.

    Then there is the usefulness of the SCR.

    To be really useful, there needs to be good coverage of the population likely to present in unscheduled care situations (OOH, A&E etc), otherwise there is no reason for the providers (OOH, A&E etc) to install the systems and change the ways of working to be able to use the SCRs available.

    Unscheduled care usually happens close to home: if you go on holiday, the chances are that you are in reasonable health - or carry information with you - when you set out, so unless there is uniform coverage across the whole of England (and you avoid Scotland and Wales) it would still be sensible to carry information with you when traveling.

    Access would be by smartcard with RBAC (Role Based Access Control) - but there are a lot of people working in the NHS.

    One doctor knows the medication prescribed for Gordon Brown and Alec Salmon: in an enhanced SCR he would have known a lot more - but it would be selected information, and almost certainly dangerously incomplete from the treating doctor's perspective...

    The NHS is also in financial trouble: I am not sure that this project will release funding and increase efficiency.

    Ross has a lot of good points

  28. DavidK

    I haven't received a letter yet

    Is everyone going to receive a letter? Do I still need to opt out if I don't get a letter, and if so, how?

This topic is closed for new posts.

Other stories you might like