NHS SPINE – PERMISSION TO DELETE CARE RECORDS

The creation of electronic summary patient records which can readily be accessed by medical teams on the NHS broadband computer system, known as the Spine, is one which has met with approval in many quarters. This is unsurprising given the potential health benefits resulting from clinicians being able to access such records. However, this approval has been tempered by concerns that the NHS, in common with other large-scale public authorities, may not be able to maintain appropriate levels of security with respect to this manifestly sensitive personal data. Yesterday the Guardian reported that, following talks between the ICO and Connecting for Health (CfH), the agency responsible for implementing the records scheme, CfH has now yielded to calls for NHS patients be given the right to have their summary care records deleted from the system (although deletion would not occur if the records had already been used, in which case they would be archived for medic-legal reasons). The right to have records deleted will be additional to the right already granted to patients to opt out of the scheme before a record is created for them. CfH’s decision to permit patients to have their record deleted represents a move away from earlier proposals that, where objections were made, the record would simply be ‘masked’ within the system. Notably, the news over changes to the care records scheme comes only days after it was revealed that records revealing personal data relating to tens of thousands of MOD personnel, which were lost last year, had contained not merely financial information but also highly sensitive vetting information. The revelations have been controversial because, whilst the loss was announced last year, neither Parliament nor the ICO were informed that the lost data included sensitive vetting data.