This page contains a Flash digital edition of a book.
MEDICAL RECORDS


Alan Frame looks at the benefits and risks of patient access to online medical records


T


HE UK Government has pledged that as of April 2015 all GPs in England should offer their patients online access to summary information in their records. Data published in


May of this year by the Health and Social Care Information Centre (HSCIC) showed that over 97 per cent of patients in England can now take advantage of online services (including appointment and repeat prescription requests). Tis is a huge increase from 3 per cent in April 2014 and is welcomed by many patients. Tere are some obvious advantages for patients in being able to


easily access personal medical information – and also potential benefits to practices who now manually manage increasing numbers of subject access requests under the Data Protection Act 1998. But is some caution advised? Simply making a medical record available online does not negate


the responsibility to comply with requirements of the Data Protection Act, especially in relation to the lawful processing of “personal sensitive data” as defined by the Act. Current arrangements for responding to subject access requests,


for example, mean that data controllers must take steps to ensure that accessed or copied medical records are appropriately redacted of any inappropriate third party identifiers, and also information that could cause serious harm to the patient or other individual if they became aware of it. Tese requirements will continue to exist even where patients have full unrestricted online access to their medical records. And there are other specific issues that need to be considered in our new cyber-world.


Clear medical utility Researchers from the Institute of Child Health, Queen Mary University of London, and the University of Bristol have recently highlighted concerns about the potential for unintended harm in providing patients online access to records. Tey expressed


14


concerns over the possible adverse effect on vulnerable patients in accessing their personal data. Tey recommended limiting online access to recent information that has “clear medical utility, such as test results, referral letters, clinic letters, current medication and allergies”. Te researchers also cautioned that online access to full medical


records should be implemented slowly in a staged process and with thorough evaluation. Tis all suggests that practices will now still have to “go through the burn” of inspecting each medical record thoroughly before it is made available for online access by the patient. Such an approach seems to be fairly logical and risk-averse, but I am presently unaware of many protests from data controllers in this respect, which does make me wonder how many practices are actually undertaking this task before making a record available online. Of course, there is a plus side to inspecting records for online


access in that once it’s done it’s done, meaning that in the longer term practices may become less burdened with responding to written subject access requests. Practices will of course still have to find ways of ensuring that any new entries in the patient record comply with redaction principles.


Access by whom Te researchers were also particularly concerned about the


SUMMONS


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24