The report found that just over half the general public (53%) and a slightly smaller percentage of patients (46%) thought that identifiable data should never be used for research purposes without consent while only about one in ten researchers (11%) thought this.

There’s something about survey results that makes it seem as though opinions are just ‘out there’ in people’s minds, ready to be found out. This is surely even less the case with Electronic Patient Records than with topics like attitude to immigration or Labour vs. Conservative. Most people don’t even know what an Electronic Patient Record is, let alone have any idea what they think about them or how they should work.

The Department of Health clearly recognized this, and went to great lengths to provide information for their survey respondents. The survey includes 23 questions, but the word count is an impressive 6,000, most of which is providing background information to each question, told through the story of their imaginary patient Pam.

I sympathise with the Department of Health. It’s not easy to get peoples’ informed opinions. But neither is it easy to take in 6,000 words of information about a new topic, even if you have the time (or inclination) to read it. Which is why (and you may have seen this coming if you’ve already been to our Get Involved page) we’ve designed our Democs discussion game, in which very short gobbets of information are presented on information cards which are shared and discussed.

And factual information isn’t the only thing people need. Even more importantly I’d want to know the issues involved for different people. Pam (the Department of Health’s imaginary patient) has diabetes and her use of medical records will of course be influenced by that. But what about someone with very private sexual health information on their record? Or someone who has a rare disease which desperately needs other peoples’ records in order to find a cure? In order to give my opinion on how the system should work for everyone, I need to a chance to think about the perspectives of other people. And it’s hard to do this by yourself.

Let’s go back to the Department of Health’s results for a moment. Over half of patients want to be asked before their identifiable records are used, while only 11% of researchers think they should be. With more discussion and more opportunity to examine different perspectives, it will be interesting to see whether the results of our Who Sees What? project will differ.

The Department of Health has reacted to the feedback they’ve gathered. Recognising the value patients put on consent, they’re just launching a series of pilots on how best to manage the consent system. This suggests that people’s input can change things. So it’s never been more important to get that process right.

Herefordshire is celebrating becoming the first county to integrate their NHS and council IT system in a great step forward for more joined-up public services.

Hereford’s ICT director Zack Pandor said:

If you look at the interaction for someone who has had a stroke, they will have a range of requirements. They may need social care services, housing, support from GPs and specialist acute services. To join up these systems and services creates a range of opportunities that are truly immense to provide seamless care to citizens and patients.

While Herefordshire so far has not integrated their health records with other areas of the council, the Isle of Mann is taking it that next step for their children’s services. Programme director at System C, the IT providers for the project explains:

The bespoke system will enable the 35 social care practitioners, working across five different teams in the Children & Families department, to access a shared care record system in order to manage the large volume of information they receive over the course of a case. The system will also be integrated with other departments in the Social Services Division, including the Resource Centres for disabled children and the multi-agency Youth Justice Teams. When appropriate, information will also be shared with both the Primary and Community Health Services on the Island.

Many have been arguing for a long time that a person’s health, housing and care needs are not separate but intimately connected, and service providers need to communicate better to create more rounded care.

However, whil the Isle of Man’s status as a self governing British Crown Dependency means it has more freedom to experiment with the new system, we are still some way off a shared record system here on the mainland.

Should we be following suit?

A hospital sharing a record with a GP seems very natural to most of us. But how would we feel should our health details were accessible to the housing services or care workers? And if they were, would we want these workers to undergo the same confidentiality training that health professionals currently do? Many are worried that from here it is a close step to records being shared with the police or immigration services.

As so often happens with electronic patient records, great opportunities for improvement come up against equally legitimate concerns about protecting patients’ privacy. Steering a path between the two is proving no easy task.

The results are impressive – the list of scandals gives the impression of data loss of an almost serial nature. A couple of thousand patient records lost on a stolen laptop here, another 2,500 left on a laptop next to a skip there. One of the more embarrassing stories is from NHS Central Lancashire where the medical details of 6,360 prisoners were left on a memory stick. The information was encrypted but the password was stuck to it on a post-it. In another, an unencrypted memory stick was left in the back of a car and only rediscovered when it was handed back by a carwash attendant.

The lessons are pretty clear. Memory sticks are a very common theme, so let’s stop carrying patient information around on them. Stolen laptops are another. So let’s leave patient information on their official record, and only access it through the proper channels. The point is that the electronic systems aren’t usually to blame. It’s the people using (or misusing) them which cause the problems.

Of course, googling is hardly a rigorous research method, and gives an exaggerated impression of the problem. ‘NHS staff don’t lose any patient records’ is never on the front page because it’s not a story anyone’s interested in reading. As more patient records are computerised and as databases get larger and more centralised, the potential for security risks also increases. That’s why there have been no less than 14 NHS organisations given formal warnings in the six months between October 2008 and April 2009.

Patient confidentiality has always been part of medical training, but never before have NHS staff had access to so much data. It’s never been this easy for things to go this wrong. And they’re set to become even more powerful as the programme continues. Confidence in the staff that know so much about us is essential if we are going to reep the benefits of electronic patient records. As well as increasing training, now may be a good time to take a closer look at how we hold staff accountable.

The Information Commissioner’s Office (ICO) handles all breaches of the Data Protection Act. When something goes wrong an NHS body is ‘rapped’ – made to sign an undertaking to improve security which could lead to legal action if broken. Given that the Data Protection Act is legally binding anyway, this is little more than a formalised telling-off. And there has been no sign of such legal action. The ICO is supposed to be getting new powers sometime soon, which will allow them to fine organisations for ‘deliberative or reckless’ breaches of data protection. But so far there seems to be rather few repercussions to losing thousands of patients’ sensitive health information – apart from some bad publicity and sore knuckles.

You might be forgiven for assuming that when companies reassure you about their privacy policy it is, well, reassuring. Not so, says Carnegie Mellon University. A series of clever tests have shown that we have just the opposite reaction. In one experiment,

Subjects completed an online survey where they were asked a series of personal questions, such as “Have you ever tried cocaine?” Half of the subjects completed a frivolous-looking survey – How BAD are U?? – with a picture of a cute devil. The other half completed the same survey with the title “Carnegie Mellon University Survey of Ethical Standards” complete with a university seal and official privacy assurances. The results showed that people who were reminded about privacy were less likely to reveal personal information than those who were not.

So, if a company or organisation says it takes your privacy seriously, this has the effect of adding legitimacy to these concerns and making you less likely to give out information. Social networking sites seem to have clocked onto this. Their aim is to get people to disclose as much personal information as possible, so their privacy settings are confusing and low profile. Their message is that privacy doesn’t really matter – and it works.

This raises an interesting question for us here at Who Sees What? Our aim is open-minded, informed debate about how the NHS should balance privacy alongside ease, practicality and research. But just by asking people to think about privacy and security, are we inevitably making people more concerned about their medical information than they would be otherwise?

The NHS may find itself in a similar catch 22. There is broad consensus that the NHS should do its best to inform patients about what is happening to their records and who can see them. But if they want to avoid privacy concerns, should they follow facebook’s example by keeping as quiet as possible about the use of medical records, and make them confusing to understand? At least some would find this conclusion hard to stomach.

True to his name, the blogger The Yorkshire Ranter has launched a fierce (and in places rather convincing) attack on  Tory plans to hand over the NHS IT plans to Google or Microsoft. His cynicism stems from the rather philosophical point that ‘the purpose of a system is what it does.’

Unlike the NHS, nobody pretends that the purpose (and by this he means real intention, rather than official stated purpose) of Google or Microsoft was ever the good health of the British nation. His argument is, therefore, that their systems won’t be designed to work towards this end, whatever they say. Google’s prime aim is to sell advertising, a point which we flagged up here at Who Sees What? when the Tories first made their proposal.

But The Yorkshire Ranter argues that targeting patients for advertising is only one possible side-effect of commercial ulterior motives.

MS products have been triumphantly successful in a couple of things – inducing people to buy ever more aftermarket security products from other American proprietary software companies, scaring them off going to the competition by making all their file formats very slightly incompatible with everything else including other versions of their own products, and generally maintaining the public belief that computers are terribly mysterious and frightening and that they must expect the experience of using them to be painful and unpleasant. This belief is very useful if you want to sell products on “user friendliness” (i.e. pretty graphics) or if you want to sell things to them in general.

Given that medicine itself is mysterious and frightening to many, this could be a disastrous combination.

Even if we did trust their intentions, though, this blogger argues that neither Google nor Microsoft possess the technical complexity necessary for such a mammoth task as the NHS database. The US models of GoogleHealth and Microsoft Health Vault are simply tools allowing patients to view their records. This is similar to the NHS’ (recently shelved) HealthSpace. But that was only one part of the NHS’ massive IT plans, which included many more services such as a national ‘Spine’ of basic information, access by researchers and a choose and book system. These potential benefits just aren’t catered for by Microsoft or Google’s model.

The Tories’ proposed ‘replacement,’ to the current NHS project, then, is no replacement at all, but equates to scrapping the whole show. Which, of course, may be just what they want to do.

Although this is currently just a suggestion from the opposition, handing data over to a private web provider raises a whole new set of questions – ones which we will no doubt need to face as healthcare becomes increasingly electronic.

Taking the records system outside the NHS could be a way for patients to gain increased control over their own records. Unlike the NHS’s proposed HealthSpace, patients on Google and Microsoft can not only view and comment on their health records but also add to them, delete them or change them. While this will no doubt infuriate various healthcare professionals, it would give patients greater ownership over their healthcare – one of the aims of the IT programme.

But it would also re-cast previous debates about privacy and security. These companies make their money from advertising. John Caulthard of Microsoft argues that sharing patient data with companies could be ethical and beneficial, allowing the NHS to target those with potential health problems. But could we also see nightmare scenarios where those with a history of anorexia were targeted by beauty experts, or by dieting pills? And would Google staff be added to the list of hospital staff, clinicians and GPs secretaries who can get access to our records? Regardless of privacy policies, such a system would have greater security risks with data moving between the NHS and private providers. Privacy advocates have long been critical of the amount of data which Google accumulates on its users – search histories, emails, documents and much more – but the storage of health data would be far more significant.

Like so many questions at Who Sees What? this one comes down to who the public trusts more with their personal information. At present, the answer is far from clear.

Telehealth lets patients measure vital signs such as blood sugar levels or blood pressure from home and submit it to professionals electronically. This, it is hoped, will allow patients with long-term illnesses to avoid endless tests and visits to hospitals. For example, a diabetic patient could simply prick his finger and hold it onto a test strip. His doctor, on the other side of the city, can then check that the dosage is correct and intervene if necessary. Although the NHS is beginning with the monitoring of vital signs, the potential for telehealth’s effect on the way that we get healthcare is staggering. ‘Real Time’ telehealth could include examinations and consultations through video conferencing or teleradiology, which allows x-rays to be conducted remotely.

Telecare, however, although it is often used by those with healthcare problems, is part of social care, rather than healthcare.It is provided by social service departments, rather than the NHS. It is essentially an emergency service, including push button alarms, flood sensors and smoke detectors. Telecare supports elderly or frail people to remain independent in their own homes safely

While allowing chronically ill people to manage their own health, and elderly people to remain in their own homes is generally thought to be a good thing, this is not the main impetus behind telehealth and telecare. They are responses to the huge costs of caring for a growing and ageing population.

Although these techniques seem promising, it’s vital to gather evidence on how effective they are and the best way to use them. Last July, the Department of Health launched the Whole System Demonstrator programme.

This is a study to test whether telehealth and telecare reduce hospital admissions, lengths of stay, and doctors’ workloads. The program is running a trial with 6,000 people with long-term illnesses in the boroughs Kent and Cornwall and Newham, East London to test the cost effectiveness of telehealth and telecare.

The Department of health has been very quiet on how these initiatives relate to the NHS’ wider IT development, particularly Electronic Patient Records. Telehealth is clearly another move to storing patient information in electronic form, but little has been said on how or where this information would be stored if telehealth and telecare were adopted more widely. As Smarthhealthcare.com reports, before the WSD programme it was ‘difficult for stakeholders, ranging from local authorities to primary care trusts, ambulance services, police and mental health bodies, to share information due to data protection issues.’

For privacy campaigners the project’s emphasis on an ‘integrated networks’ needed to provide ‘integrated care’ might ring alarm bells. Although sharing potentially highly sensitive information between organizations about patients who require a range of social and health care is nothing new, doing so electronically is new in many cases. It remains to be seen how this information will be integrated into NHS databases and its implications for patient privacy.

The Charm Project, which is beiing run by a coalition of British universities, will be using technology to help people control the amount of exercise they do. Participants will carry devices which monitor how much exercise they are doing and let them know how they compare to the average. The project is based on the fashionable concept of ‘nudges’ which has been developed by American academics Richard Thaler and Cass Sunstein. They say that people can be led to good behaviour by systems which make the right choices more attractive or more noticable. By harnessing people’s natural competition, the Charm project hopes to prove that nudges can help healthy living.

If this works (and this is only a trial so it’s too early to assume), it could be a really valuable tool for the NHS to help patients look after themselves. Patients could agree a health need with their doctor, record their progress via Healthspace and receive regular encouragment via their mobile or Blackberry.

Also this week, however is some more worrying news. The Information Commissioner, who is charged with overseeing data protection in England, has demanded immediate improvements to the lax treatment of personal data within the NHS. The demand comes hot on the heels of a string of incidents where personal data was lost, including one where Camden Primary Care Trust dumped computers containing medical notes of 2,500 patients in a skip.

While worrying, it’s not clear what this means for the national and regional systems of Electronic Patient Records being introduced into England by Connecting for Health. One on hand, the system will store all records centrally, which will take the responsibility for protecting them partly out of the hands of the NHS trusts who’s failure the Information Commissioner is today criticising. But, of course, individual doctors and nurses will still need to see records and they may have access to many more than they did before – making a potential breach more damaging.

In truth, it’s too early to tell what the impact of the new system will be on patient privacy, or for that matter, on patient power. But as these two stories show, there a going to be real changes.