Statistics from Altmetric.com
New data protection legislation came into force in the UK on 1 March 20001 introducing safeguards for the processing of information relating to individuals, including obtaining, holding, using and disclosing that information. The law represents a substantial departure from previous data protection legislation as it applies not only to computerised and electronic information, but also to paper records held in certain filing systems. It covers virtually all structured information about identifiable, living people. Patients' statutory rights of access to their health records are enshrined in this act, which abolishes the cut-off point before which there was previously no right of access to manual health records (1 November 1991, and 30 May 1994 in Northern Ireland). This means that UK patients have a new right to see their complete health records. Older records were not written in the knowledge that patients might see them and there is concern about the nature and tone of some of these. When complying with their statutory obligations, doctors will have to discuss these matters sensitively with their patients where an aspect of a record could cause offence.
General issues of access to health information are also the subject of debate in the UK. The main issue of contention is the legitimacy of implied consent. The Department of Health (DH) advises that people imply their consent to the use of information for “National Health Service (NHS) purposes” when they seek or accept NHS care. Professional and regulatory bodies, however, contest the validity of implied consent unless patients are aware of the potential uses of their information and given a genuine right to refuse. The British Medical Association's (BMA) guidance on confidentiality goes into considerable detail about the responsibilities of doctors not to release information without consent.2 It offers practical suggestions for informing patients of their rights, although recognises that a single system of providing information to patients is unlikely to be the answer. With the vast array of record-keeping arrangements in the NHS, keeping track of people who have refused consent and acting on that refusal is potentially highly burdensome. Failure to do so, however, may be construed as a breach of patients' legal and ethical rights.
The UK is to have a new national body to provide advice and promote best practice on the confidentiality of patient information. The National Confidentiality and Security Advisory Body will work to improve the way patient information is handled. It will set national standards to: govern confidentiality and security of patient information; promote awareness of issues surrounding patient records, including access and security; feed guidance to, and provide support for local “guardians” of confidentiality, and advise ministers and government bodies. The board will include patients, the public, consumer interest groups, health professionals and regulatory bodies, NHS management organisations and information management and technology experts.
In July 1999 there was a public outcry at the revelation that a hospital had accepted a deceased patient's organs, donated on condition that all recipients were white. An immediate government inquiry was launched, which reported in February 2000.3 It concluded that “to attach any condition to a donation is unacceptable, because it offends against the fundamental principle that organs are donated altruistically and should go to patients in the greatest need”. Whilst recognising that one consequence of a decision to reject organs might be that potential recipients might die before another organ became available, the panel was convinced that this was legally and morally the right decision. The report does not contain any ethical debate but acknowledges that there are others who would argue that the overriding principle should be to save lives. The report recommended that: “the DH should issue guidance stating that organs must not be accepted if the donor or family wish to attach racist or other conditions about the recipient; and NHS training programmes should be reviewed to ensure that all staff are aware of their obligations and responsibilities under the Race Relations Act 1976”.
The same day, the DH published its Review of the United Kingdom Transplant Support Service Authority (UKTSSA).4 The UKTSSA was established in 1991 to carry out a range of support functions for transplantation, including maintaining the waiting list for transplantation, allocating donated organs and maintaining the NHS Organ Donor Register on which people can record their willingness to donate organs after death. The review concluded that “central organisation of the donation process on a UK basis is essential to meet legal requirements, maximise use of scarce donor organs, ensure their placement to the most appropriate recipients and ensure equity between those waiting for an organ”. It recommended that UKTSSA should be more closely involved in the development and extension of national publicity initiatives, and should provide central support to transplant co-ordinators. Despite also passing responsibility for improving donation rates to the authority, the report did not provide any clear strategy for achieving this.
In commenting on these two reports, the Royal College of Surgeons of England and the BMA, welcomed the conclusions reached, but believed strongly that the proposals did not go far enough.5 The BMA called for a radical review of organ donation and a broad-ranging and informed public debate to develop an overall strategy for increasing the number of organs available for donation.
Access to general practitioners' (GP) records by insurance companies is the subject of ongoing debate within the medical profession. The risk-based nature of insurance in the UK means that the comprehensive medical histories held by GPs are a valuable source of information to insurers. Doctors and patients, however, are concerned that asking a patient's treating doctor for information might be detrimental to the doctor–patient relationship. Anecdotal evidence suggests that some people are reluctant to involve their GP in HIV or genetic testing, fearing that the results will jeopardise future insurance prospects. Even if the information is not known to the GP, however, the client is obliged to reveal all relevant information to the insurer.
Insurance companies are reluctant to relinquish this cheap source of good quality information. The solution proposed by some doctors is to prevent insurers from seeking information from GPs. There is a strong lobbying group which believes that the doctors' regulatory body, the General Medical Council (GMC), should prohibit doctors from releasing information to insurers. The BMA believes this is the wrong approach, and would rather raise awareness about the responsibilities of insurance applicants to disclose all relevant information. Failure to do so could invalidate policies and even lead to allegations of fraud. Another difficulty is that one GP often provides care for many members of the same family. When such a GP is asked for a family history, he or she therefore needs to take particular care to avoid breaching the confidentiality of other patients. The BMA is working with the Association of British Insurers on guidance for doctors, which will focus on obtaining valid consent to disclosure and clarifying doctors' responsibilities with regard to family history. The GMC is looking at its advice on these matters too.
The Icelandic database
International attention continues to be directed towards the development of the Icelandic database. In December 1998 the Icelandic parliament passed legislation to develop a database containing the health records of the entire country, which could be combined and analysed with genetic and genealogical data. Iceland provides an ideal population for studying genetic variation because of its stable population. Attempting to identify a mutant gene in most populations has been described as “trying to detect a single flat note sung by one person while wandering through a public park in which everyone is singing his own favourite tune”. But a population like Iceland “is more like a chorus, so it is much easier to detect the off-note”.6 Few geneticists doubt the potential benefits which could arise from the database but its creation is causing considerable unease.
The main concern is that the legislation does not require people's consent for the inclusion of their information on the database. Individuals may opt out but, it has been argued, this has not been widely publicised and the procedure is complex. If consent is withdrawn, existing data about that individual cannot be removed from the database.7 The database will contain identifiable information and despite encryption there remain serious concerns about the security of the data and the individuals and organisations permitted access. The Icelandic Medical Association opposes the legislation. The World Medical Association has stated that it “violates the WMA's commitment to confidentiality, the principles of real and valid consent and the freedom of scientific research”.8 There is also concern at the decision to grant an exclusive licence to one company, deCODE, for the creation and operation of the database.
Given these serious concerns, the success of the database remains to be seen. Its greatest value is its ability to collect the full health record of every citizen but in January 1999 it was reported that a third of family and hospital doctors had told the government they would not provide information for the database unless requested to do so, in writing, by their patients.6