The Editor, The Herald

A secure electronic health record

Your editorial (Herald 27th February 2010 ) “Patient privacy must be safeguarded” concludes that the benefits of sharing patient information in present circumstances are outweighed by the dangers of patient  confidentiality being undermined. The Scottish Health Campaigns Network (SHCN), created as a forum for concerns about the health service and to promote good practice in Scotland, believes there is room for a more optimistic view.

The SHCN  has had the benefit of the views of patients, doctors and professional information technology experts over several years and  concluded that the political decisions around the confidentiality arrangement for NHS  electronic medical records  are every bit  as important as getting the mechanics of  information technology in the health service right. Key to this would be the decision to make transfer of the record to an electronic form, an opt in system for individual patients. Every patient would have to be asked if he or she was willing for their health record to be held on a computer system before it could be transferred to electronic form and accessible for health care purposes. There would have to be appropriate arrangements for those too young or not considered able to make this decision.

We believe that an opt in system has political support in Scotland. A second political imperative would be a guarantee that the health record details would not be shared with other government or local authority agencies, without the agreement of the individual patient.  There would require to be an exception where part of the record was required for investigation of a crime. A similar protocol exists for the paper record at present, where a formal request must be made to the NHS records holder before there can be release of specific health record information.

A high level of technical security and confidentiality is essential for public confidence. Security of electronic transmission of medical records can be greatly enhanced by using Public Key Encryption, the same method that provides financial security to protected pages for purchases on the internet. It would require adaption to the different situation of the health record where an individual record  may be required at any one of many potential locations. At computer terminal level, individual secure password protection for access to the health record by health service staff would remain essential for security.

As we understand it, in Scotland, a computer held Emergency Care Summary is already available to authorised staff in Accident and Emergency departments and NHS 24. We believe that patients with an opt in arrangement for their full health record are much more likely to be willing to have their records held on computer. The benefit side to the patient of secure access by health professionals  to their health record is obvious. An opt in system would give individuals the opportunity to make an assessment of the importance of confidentiality and the benefit of ready professional access to health information, for themselves.

Alastair Glen

Scottish Health Campaigns Network