Information society : agenda for action in the UK : evidence received after 31 March 1996 / Select Committee on Science and Technology.
- Great Britain. Parliament. House of Lords. Science and Technology Committee.
- Date:
- 1996
Licence: Open Government Licence
Credit: Information society : agenda for action in the UK : evidence received after 31 March 1996 / Select Committee on Science and Technology. Source: Wellcome Collection.
19/324 page 321
![f Dr A W Macara, Dr SIMON JENKINS, ; 16 April 1996] Dr CoLin SMITH AND Dr Ross ANDERSON [ Continued Lord Flowers contd.] of people would have to have access to this information and the risk of penetration and the risk of improper use and disclosure would be 100 per cent. What we have to do is to find robust and effective mechanisms for allowing users and clinicians acting on their behalf to restrict access to personal health information to those people whom they choose to have access. Now we have come up with a number of principles which can be implemented in computer systems and which will see to it that this happens. Currently we are doing a pilot among a number of general practices to make sure that the principles are practical, and we believe they are, and what we have basically got as a result is we believe a constructive way forward for removing the worries about confidentiality and enabling widespread use of telematics and other communications technology in the support of medicine. (Dr Macara) That is a brief review, my Lord Chairman, the clinicians would no doubt like to communicate how they see it. (Dr Jenkins) Firstly, my Lord Chairman, in answer to Lord Flowers, my concern about the importance of privacy is not really so much as a doctor but as a patient or as a citizen. Therefore I believe it is of fundamental importance to ensure that my rights asa citizen are protected. The real benefit of information technology is that you can actually now make it much more secure than in the manual systems. It is a theoretical possibility it will be translated into practical effect if one starts from the perspective of having a proper security policy that places the issue of confidentiality at the centre of its requirement or its specification. One needs to protect the privacy of the individual rather than the security of the organisation. 426. You must be paying a lot for your privacy in that case. (Dr Jenkins) You feel, my Lord, that it is more expensive to protect privacy than not to? If one sets up a system of computers which are interlinked or have the opportunity to link them up, then you can spend an awful amount of money in setting up the infrastructure but if patients realise that their confidences are likely to be threatened then they will not wish the professionals who look after them to use them. The loss of public confidence in a network that is not secure will be an absolute disaster because all of the benefits we have been talking about now will not come to fruition. It is fundamental that privacy is at the centre of our concerns. Baroness Hogg] There can be very little privacy in telemedicine. Your example of the entire conference in Lisbon peering down the larynx of somebody in Finland does not mean their privacy was a prime object. Lord Flowers 427. With permission. (Dr Jenkins) Exactly. There are two aspects, there is the question of consent and of course one actually wishes to obtain proper, informed, explicit consent. We, the BMA, believe—and I am sure our Chairman will reiterate what I am going to say perhaps more eloquently—that of central importance is the need to obtain proper consent from patients so that they really understand what information is being held, where it is going to, who has access to it and so on. Providing that consent can be obtained then there are times when it would appear that privacy is breached. Privacy is not breached if consent is obtained. If it is not obtained then there needs to be legislation to ensure that reasons for disclosing patient’s information without consent are based in law and there are proper penalties for those who breach it. Of course the Lord Walton Bill! is one which has taken that issue in hand. The other aspect, of course, is in relation not to the consent issue but to security. I think this was the question that was asked and therefore where patients have not given consent for their information to be revealed it needs to be held securely and in such a way that confidences are not breached. Baroness Hogg 428. There is always a grey area here, is there not? If you were a patient in a remote area and you were told you could have this advanced form of endoscopy down the telephone line or whatever but at the price you lose control as to who knows somewhere out there in the ether what is done to you and what your condition is, it is not exactly an unrestrained choice as to whether to protect your privacy or not. (Dr Jenkins) I think it all hinges on how you inform patients and how you obtain consent from patients. For example, let us take the issue that is causing us concern and this is the question of item of service claims by general practitioners. Formally when a patient went to a GP for contraceptive services they signed a form registering for those contraceptive services and it was understood that that form went off to the FHSA where the details about their contraceptive history were held, namely the fact they were receiving contraceptive advice. I am quite sure that many people did not realise that those databases with that information were not under clinical control. However, you could argue they had given consent because they had signed the claim form. Now with the item of service links, the patient does not have to give that authorisation and the information goes down the wire to the FHSA or the health authority from the GP. I cannot understand why the name and the address of the patient with their contraceptive history has to go to the FHSA for me, as a GP, to be paid for that service when I can doa minor operation on another patient such as remove a wart and all I have to do is to declare the number of procedures that I have carried out. It makes no sense when you are forced to breach the confidentiality without consent of the patient for contraception but you can do a minor surgical procedure without having to identify who that patient is. 429. I do not want to labour this point but it seems to me you are making my point for me. Saying: “This patient consented because in the constrained circumstances of a GP surgery they put their !The Disclosure and Use of Personal Health Information Bill {H.L.], which received its second reading in the House of Lords on 13 March 1996.](https://iiif.wellcomecollection.org/image/b32218631_0019.jp2/full/800%2C/0/default.jpg)
