Data Sharing Review

Adrian Midgley ukcrypto at chiark.greenend.org.uk
Wed, 16 Jul 2008 20:43:59 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Simpson wrote:

> I agree however if the system was based on some sort of biometric
> marker then it would become automatic.

I doubt it, biometrics are not as good as people have hoped, and it
requires the patient or some substantial part of them to be present.
I don't think biometrics solves this problem.

> When i see a patient for the first time then i have to ask their
> permission to share their info with social work.
> With a fair proportion of them they interprete this as "tell me about
> your drug use so that i can tell social work to come and remove your
> children"
> I have become very good at reassuring people about how their data will
> be used in this instance.

A view common if not general on this list, and which is my own is that
we actually have very little idea how their data will be used, and that
there are few reliable boundaires and minimal effective controls on how
it is used.

I try not to reassure people about things like that.


>> 2.  It makes work when the patient is not there difficult - unless the

> As part of the initial "data sharing" interview then patients can be
> asked "if your records need to be accessed in an emergent situation
> and you are unable to give permission at that time do you give your
> consent for that to happen"
Although at present I understand the DoH/NHS view on this is that
consent is not needed in that situation.  I suspect it is very rare,
that those who it is likely to happen to have bracelets or a card in
their wallet - which are both rather mroe reliable than NHS IT
facilities as yet, and that the number of times when it would be done,
and useful non-obvious information would be revealed that way would be
remarkably small.

> Having worked for years in A&E this would enable much more rapid
> treatment for patients with a number of conditions, and it is these
> patients that would be more than happy to sign up. Also patients on
> interestingly lethal drugs would also consent quite quickly (yes
> warfarin, i'm looking at you).

They get a book...
Pencils could be issued.


> Once patients got used to putting thier finger into a reader (for
> instance) prior to consultations with GPs, pharmacists, nursing staff,
> SHOs (or whatever they are called these days) in hospital then it
> would become routine very quickly.

And the same probably applies to buses, tube trains, crossroads, front
doors etc.   This Perfect Day, Ira Levin.

> It would also give them reassurance that they had control over their
> information which is something that nobody has any assurance of at
> present.

I think several more changes would need to be made.

> PKI with some sort of key escrow accessible by specific medics (senior
> A&E docs) would enable this to happen and would reassure me that my
> private records aren't going to be left on a laptop then being sold in
> irc channels after some mandarin has a moment of forgetfulness in a
> taxi or TNT loses another "encrypted" disk.



>>
>> I favour an absolute rule of all reading of the patient's notes being
>> reported to them, quarterly or  monthly or by access to a web site at
>> their will - whatever is suitable.  Like a phone bill or credit card.
>>
> 
> cart <-horse
> many of my patients are no fixed abode and are not yet part of the
> information age wrt inet access
> Social exclusion is the main acheivement of this area of Glasgow so
> that wouldn't work.

I see you have a point there, however while the patient may lack a fixed
point, there are many around.  At the risk of sounding like the Daily
Mail, some people in that situation manage to attend the benefits agency.



>> Each report should say who accessed what, what right they asserted, what
>> purpose they declare and what they accessed.
>>
> 
> I have worked for Big Pharma and would trust them as far as i could
> throw the collective members of the board.
> If i was approached by someone doing research to induct patients into
> a trial or use details for a cohort then i would still rather gain
> informed consent every time.


>> Given (existing or required) logging of access this becomes a sizeable
>> but not difficult task.
>>
> i agree with all access being logged anyway even (in fact especially)
> after consent to create a decent audit trail.
> 
> a decent sized mySQL cluster should do it
> :-)


Concur, although I'm unsure of the scale of the technology.  I suppose
one should do some numbers, based on say 60 million people getting a
report every quarter based upon things that happen on average around
once a month.

- --
A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkh+T38ACgkQb80am9d/Stew4gCggokoo3gYprm5jL/+/mQ0xhNd
og4AoMXpQ4MbzTH17wFzZXTxh4pdGmqr
=HVo6
-----END PGP SIGNATURE-----