Data Sharing and TPP
Date sent: Wednesday 22 March 2017
You will probably have read that concerns have been raised about the NHS IT systems in general practice and the sharing of data - click here - to read the Daily Telegraph article last Saturday.
The issue relates to the enhanced Data Sharing Model (eDSM) that exists within TPP SystmOne. There have been concerns raised with the Information Commissioner (ICO) that this model is not sufficiently robust to meet the requirements that exist within the Data Protection Act, particularly Principle 1 and Principle 7. Click here to access DPA Principles.
There are over 6000 organisations that use TPP SystmOne and this includes 2700 practices but also includes:
- Community Service Providers
- Accident and Emergency Services
- Ambulance Trusts
- Mental Health Trusts
- The Prison Medical Services
- Care Homes
There are large parts of Wessex where the sharing of information held within the GP patient record is occurring now. The Community providers in Dorset, Wiltshire, Southampton, Portsmouth and the Isle of Wight all use Community TPP, some of our hospices now use the Palliative care version of TPP, and Poole Hospital is shortly going to go live with a core module to enable the hospital clinicians to see the GP records with the patient's consent. When the Primary Care Access Centres, such as the one in Lymington, see patients, the clinicians are able to access the complete GP record.
These examples are benefiting patients now and where sharing this data occurs patients need to be made aware and so there is a model of informed consent and generally there is a Data Sharing agreement in place.
One of the issues is that there are potentially over 6000 organisations who can access your patient records if the practice sets TPP SystmOne to the sharing in and sharing out option.
My understanding, and I am happy to be corrected, is that for someone to see my medical records (and I am registered with a TPP practice) a person would need to work for an organisation that uses TPP SystmOne, they would need to have a unique identifier and password to access their system. They would then need to register me on their system, which would include various demographic information about me, they would then need to search for my records, once they found them and to access them they would have to indicate that they have consent to view the record. This consent can be overridden and therefore allow unauthorised access from sites or individuals not related to providing direct care to the patient. There would then be an audit trail in my records to show who had accessed them and when and which organisation they worked for. Practices are alerted when consent is overridden. Records of consented accessing have to be searched for or reports can be run. A message is sent to the practice to indicate someone has accessed these records. In addition I am registered for online services with TPP SystmOne so I can, if I wish, look to see who has viewed my records.
There are concerns that the consent to view model is not secure enough.
Patients can decide they do not want to share their records and can therefore ask for this facility to be turned off for their records. In addition there is the facility to make an entry in any patient's notes that is only visible by the person making the entry, or you can restrict the access to the practice so that anyone outside the practice cannot view this entry.
Fair processing of data
Your patients have the right to know what you are doing with their data and any action that fails to achieve this could potentially end up in a prosecution under the Data Protection Act. This is balanced with the duty of a GP under the GPC to share information for the provision of direct care for a patient.
The Information Commissioner is not requiring practices to write to every patient to inform them of any changes to the Data Sharing but there does need to be a proportionate response from an organisation to inform patients.
Last year, I was involved in a pilot with the TPP practices, a Community Provider and a local Hospice to create a shared record to benefit patient care and to try to become more efficient. To get the pilot started we engaged with the Information Commissioner's office to try to ensure that we were compliant with the DPA.
We suggested that we would inform patients by:
- Producing a leaflet explaining the Data Sharing and putting this in our surgery waiting room
- Put information on our practice website
- Add the detail to our patient information leaflet
- Display a poster in our surgery waiting room
- Create a slide to use on the TV display in the practice
- Use all available patient email addresses and mobile numbers to send information
- Add this information to the practice Facebook page and twitter account
- Discuss the Data Sharing with the practice patient participation group
- Write to the local paper who published an article on the matter
- We produced a pack for newly registered patients that included a consent form for Data Sharing
We did all the above and then about 6 weeks later we switched the data sharing on. This was acceptable to the ICO's office.
Attached is a leaflet that I have drafted for my practice. I am awaiting further discussions before I finalise this but I am sharing the unfinished leaflet to give you an insight into the issues that I believe need to be shared with the patients.
The GPC, RCGP, NHS Digital and TPP are working with the ICO to try to resolve this matter. The GPC is about to produce guidance for GPs which I will share when this is available.
Today the ICO's office has issued the following statement:
ICO statement in relation to the potential risk to patient medical records held by GPs on TPP SystmOne
An ICO spokesperson said: “The ICO has data protection compliance concerns about SystmOne’s enhanced data sharing function and the potential risk to patients’ medical records held by GPs.
“However, given the possible impact to patient care, the ICO is not advocating that users switch off data sharing at this stage.
“The ICO’s concerns are centred on the fair and lawful processing of patient data on the system and ensuring adequate security of the patient data on the system. We continue to work closely with TPP, NHS Digital and NHS England and have seen an initial plan that they have put forward. This includes initial steps they are taking to remedy these issues and further work is planned.”
Click here - to access the ICO's statement.
I will keep you updated when I have further information.
Dr Nigel Watson
Churchill House, 122-124 Hursley Rd
Chandler's Ford, Eastleigh
Hants. SO53 1JB (Registered Office)
Attached file: Please read this leaflet carefully v3.docx