My Lords, like other noble Lords, I congratulate my noble friend Lord Colwyn on securing this important debate. Notwithstanding that it is a huge—some might say monstrous—subject, I intend to focus on the national programme for information technology.
At the outset I should make it plain that there are few more fervent adherents of IT than myself. To that extent, and irrespective of the raft of difficulties that have plagued the programme over the past few months, I accept without question that effective use of IT is an essential part of reform of the NHS and the future of healthcare in the UK. But what matters here is the "how". At the heart of this is recognition that a required, even essential, outcome of reform is improved focus on the needs of the user—that is, the patient. Indeed, NHS Connecting for Health appears to accept this dictum. Its guide to the national programme states:
"The new era dawning for the NHS involves modern, sophisticated IT which will provide solutions to the problems that have dogged the NHS for years. In tandem with other programmes, a much more patient-centred NHS will emerge, able to deliver on patients' needs at times and places to suit them".
It adds: "Importantly", patients,
"will be able to take more control of their health and treatment, with information to make choices more readily available".
That is all good and well. But a top-down system driven by centralised control and targeting—the Government's current proposal—is antipathetic both philosophically and practically to the concept of giving patients more control of their health and treatment. Nowhere is this dichotomy more apparent than in the Government's approach to the issue of confidentiality of patient data.
As your Lordships will be aware, the linchpin of the new system will be electronic NHS care records compiled for each of England's 50 million patients. While the full details of each individual record will be retained locally where care is delivered, it is also intended that a summary record will be automatically "uploaded" to the NHS spine, characterised by the CfH as a,
"core data storage and messaging service".
As such, this database will be accessible, albeit at variable levels of authority, by not only the 300,000 or so NHS staff who have been issued PIN-coded smart cards so far but also by non-medical authorities provided that their requests for access are judged to be in the public interest. It should be borne in mind that summary care records will comprise data that would fall within the category of "sensitive" as defined in the Data Protection Act, not least because at last month's annual meeting of the Care Records Development Board the decision was taken in principle that there should be a "single holistic record" of patient care, encompassing not only health records but social care information. In effect, it does not stretch credibility to suppose that the spine represents the health and social care records arm of the national identity register.
I freely admit that, in some ways, the principle is sound. It is in the interests of patients that, within an efficient and well run computerised system, their records should be readily accessible wherever and whenever they are needed. But such a system should not be devised at the cost of stringent privacy safeguards. Fundamental to this is whether patients should have a right to opt out of having their data uploaded to the spine. After all, under the second data protection principle, it is a statutory requirement that sensitive personal data,
"shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes".
In reality, the whole issue of the patient opt-out has been something of a farce. John Hutton stated:
"Patients will have the right to specify that detailed information recorded at the point of contact with the NHS should not be available to other NHS organisations".—[Hansard, Commons, 2/11/04; col. 176W.]
In similar vein, the NHS care record guarantee of February 2005 states:
"From the outset this new system will enable you to control whether information in electronic records made about you by the organisation providing your care can be seen elsewhere in the NHS", adding, without a hint of irony, advice to patients that they should:
"Only give others access to records about you if you are sure it is necessary".
At the very least these comments imply a right for patients to opt out of the spine.
However, in stark contrast to this, the CfH's output-based specification published in 2003 contained the warning, presumably to potential IT suppliers, that there would be:
"High sensitivity, both actual and political, of Spine data for which no patient consent has been obtained ... A patient will not be entitled to refuse to make their personal data available to the Spine. Data about all patient events may be routinely communicated to the Spine without the consent of the patient".
Also, a week ago the Department of Health issued a press release indicating that it would not permit those who had sent in a coupon provided by the Guardian to opt out of the spine.
The confusion and muddle of the situation is perhaps bad enough but, as your Lordships will be aware, a recent survey has revealed that 80 per cent of GPs fear that the confidentiality of their patients' medical records will be at risk if they are uploaded to the spine. This is not mere supposition. According to the Sealed Envelopes Risk Assessment Project report commissioned by the CfH, the security and confidentiality of patient data would be best achieved by a "sealed envelope" design, with data held locally rather than uploaded to the spine. Moreover, as evidenced by the YouGov poll on ID cards in last week's Daily Telegraph, there is growing public discomfort with the accuracy, reliability and confidentiality of centralised databases.
By any measure, the trend of public sentiment in this area is towards a more patient-centred approach. It is therefore regrettable that, notwithstanding the soothing rhetoric to be found in some of the policy development literature, the Government seem to be lapsing back into an almost Stalinist mindset, an enforced centralised diktat delivered with all the subtlety of the playground bully. It is as if the Government are attempting to articulate a new orthodoxy here, one which has uncomfortable echoes with the anxieties expressed by the Information Commissioner, Richard Thomas. He has highlighted the NHS scheme as part of a trend where:
"As official databases grow in size, there is a corresponding thrust to join up all the separate holdings".
Henry Porter put it succinctly in the Observer last weekend. He said:
"The implication of these systems and databases is that we all have something to hide. It follows that a condition of the new citizenship that New Labour has dreamed up for us is that innocence must be routinely demonstrated in a process of daily positive vetting and if this entails the loss of freedom and privacy, well, that is just the price we must expect to pay for security".
The extent to which the NHS spine may or may not be part of this trend is a matter of conjecture. Be that as it may, there is considerable legitimacy in the expressions of concern of both patients and GPs. For my part, I would heartily recommend that anyone who shares those concerns should visit www.nhsconfidentiality.org. The Government really do have to make up their minds whether the avowed determination to make the NHS more patient-centred is actually delivered or just so much hot air. A good start would be to allow patients the right to opt out of the spine.