It is good to see the concerns are being discussed within health circles but a wider public debate should be encouraged before this significant erosion of personal privacy becomes more than an exploration of technical capability.
There are two separate issues touched on in the article. Firstly that "A lot of problems in the health sector come about when patients are wrongly identified." and secondly that "Sharing information (between providers in the health sector) closes the loops."
There is an implication here that sharing all information enhances the identification process and, that a common information pool is a necessary requirement for the exchange of clinical information.
Identification of the individual is critical where information flows and the individual become separated. A simple example can be seen in blood testing where the results may be routed through a complex process to ultimate information users and may result in life or death decisions impacting on the subject person. However, there is no indication that the proposed sharing of information would address the issues of identification.
There can be no doubt that there should be a flow of information amongst health providers. However, there has been little or no public debate about what information should be contained in the flows and what rights over the information are retained by the patient.
General Practitioner Access to Hospital DataFrom the description of the pilot, the flow of information to GPs from hospitals is to be achieved by allowing GPs to access the internal hospital information systems.
Four GPs also have direct access to the hospital's electronic database, allowing them to access the records of all patients registered with their primary health organisation, or any other patient for whom they have a National Health Index number.Implicit in this is:
- It is OK for GPs to access information held in the hospital's electronic database for any patient; not just those registered with their PHO. Hypothetically, a fishing expedition could be mounted using the 12,567,273 valid NHIs.
- A GP would have legitimate access to the records of any hospital by having a single patient in common between PHO and Hospital. Given the concentrations of population and specialist medical services in NZ, the health records of a large proportion of people will be open to many GPs.
- If a patient is referred to a hospital by a GP, the GP's within the PHO have access to that patient's information from the hospital's electronic database regardless of the patient's wishes.
There is a clear risk arising from this. Information that might reasonably be expected to be a matter between the patient and someone with a direct clinical responsibility of care of the patient, will be available to a wider audience which degrades the privacy of the individuals involved.
Potentially, well defined electronic information systems and data-interchange services can enhance privacy and security.
Mr Cook [CIO] said electronic patient information systems were "more secure" than paper-based ones because access could be controlled and audited.Those of us with even limited contact with public/civil service or legal organisations will have come across "the Registry" where access to paper based records are managed according to right or need to know. Electronic systems may be more cost-effective but they are not inherently more or less secure than the paper-based ones that they replace. Note also use the term "could" in the quotation. Actual control and audit of information retrieval is often omitted from electronic retrieval systems perhaps because IT people focus on the every part of the system be used in the intended fashion. An assertion, from the CIO, that the access to information "will be controlled and audited" would be more comforting.
The privacy requirements do not seem to have been sufficiently addressed.
However, Otago University's bioethics centre director, Donald Evans, said ....
"My concern is, if patients become aware that information given on a confidential basis to their GP is likely to be shared with other people, it destroys the relationship of trust; people will be reluctant to be honest with their doctors; and quality of care will be compromised."
I suggest that the patients' concerns may be associated with any consultation not just with the GP. It may not be good thing medically, but there will be reasons for not sharing information of a specialist consultation with a particular GP. We can debate whether the information belongs to the clinician or the patient, but passing the information about the patient to third parties should generally be controlled by the patient.