Our practice is one of four taking part in a project to look at an emergency electronic health record (EHR). It is a joint initiative involving a local hospital, the ambulance service, an out of hours cooperative and the local social services department. The practicesÍ EHRs will be downloaded ïoff siteÍ and managed by a third party. The emergency EHR would then be available to the local A&E department, the out of hours cooperative, the ambulance service and social services.
Q What patient consent is required?
A This is a complex question and needs to be considered in two parts:
a) Downloading data onto a central server
Several practices in Great Britain and Northern Ireland already download data to a central server. The General Practitioners Committee of the BMA has issued guidance on the topic: Remotely held records and centralised servers.1 The key principles are:
Custodianship: At present a GP must be nominated to be responsible for the record - this is usually the GP with whom the patient is registered. If the proposed new GMS contract is adopted, the practice will be responsible.
Access: The GP, as custodian of the medical record, must retain control and remain ultimately responsible for access to the information by others.
Patient consent: Patients have the right to know where their records are held and what they may be used for. Posters in the surgery waiting room are not sufficient to comply with the Data Protection Act 1998;2 they should supplement other forms of communication, which could include information leaflets, face-to-face communication and letters sent to the patientÍs home.3
Encryption: Information held on a central server must be encrypted. Requirements for NHS encryption are described in the Strategy for Cryptographic Support Services in the NHS.4
b) Access to the emergency EHR
The records must be secure and access must be by authorised personnel only. Verbal consent should be obtained wherever possible - and this should be possible in most cases. In a life-threatening situation when the patient is unable to give consent, both the GMC and the Data Protection Act would consider access without consent acceptable. However, this would not be the case if the patient had previously refused consent and his or her records were suppressed, i.e. they could not be viewed.
The practice must ensure that staff comply with the above procedures. Each individual practice must have a contract with the third party, an independent company, specifically relating to the storage of EHRs, and it must include a confidentiality clause.
Q What happens if a patient does not consent to sharing his or her records?
AThis question lies at the heart of all forms of medical records. The practice must retain the ability to suppress the entire record or specific information held in it. This project cannot proceed until this is technically possible.
Q Should the social services department have access to patientsÍ health records?
AThe simple answer is: no, it is not appropriate.
The benefits of A&E or a GP in an out of hours cooperative having access to an emergency EHR are clear. However, it is much more difficult to see the health benefit of social workers having access to patientsÍ health information.
Q At times, emails sent by NHSnet are returned undelivered, with a message saying ñThe recipient could not be processed due to congestion in the message transfer service.î Why does this happen, and how can it be prevented?
A This occurs when the volume of email traffic using NHSnet is at its greatest, and is due to the insufficient bandwidth of NHSnet.
Broadband connection is becoming more common among internet service providers (ISPs) and NHSnet will also be going over to broadband - the contract for supporting NHSnet is being renegotiated and this forms part of the negotiations. A recent announcement from the Minister for Health in Wales has stated that broadband connection will be available soon for all GPs in Wales.
The number of messages sent via NHSnet will increase significantly in the future, especially if electronic communication replaces much of the current paper exchange between hospitals and general practice. Practically all you can do now to alleviate the situation is to send important emails at times when NHSnet is not busy!
Q The practice would like to develop its use of IT. One area identified has been the use of computers for tasks other than those performed using clinical systems. What is the most effective way of doing this, both in terms of time and cost?
A Training is as important as equipment in the development of IT in the NHS – it is no use having powerful IT systems if none of the staff knows how to use them effectively.
The NHS has been looking at various training programmes and all NHS staff will soon have access to free basic IT training.5 The European Computer Driving Licence (ECDL), an online learning programme,6 which aims to educate people in the basic IT skills, will become available nationally later this year.
The best way forward is for practices to approach their primary care organisation and ask when this training will be available. If no reply is forthcoming, ask them to approach the National Health Service Information Authority (NHSIA).
- British Medical Association. Remotely held records and centralised servers. London: BMA, February 2002.
- Information Commissioner. Use and Disclosure of Health Data: guidance on the application of the Data Protection Act 1998. Cheshire: Information Commissioner, May 2002, p. 8.
- Inform. NHS Information Authority News, Issue 8, July 2002, p. 1. www.nhsia.nhs.uk
- Watson N. European Computer Driving Licence: what it means for the NHS. Guidelines in Practice 2001; 4(10): 90-4.
Tell us what you think
If you have a comment on anything you've read in Guidelines in Practice, or an idea you would like to share with readers, please contact us as shown below. Please state your full name and job title when writing. Letters or comments will be edited and may be shortened.
Post: Guidelines in Practice, The Chapel, Park View Road, Berkhamsted, Herts HP4 3EY
Fax: 01442 862650
Website: feedback page