'I should decide who gets to share my health data'

By Tim Benson2014-03-21T06:00:00+00:00

1 Comment

Patients should be the ones who decide who can see and share their health records, argues Tim Benson

As a patient I want some control over who can see my personal data. I also want to to share my data with whosoever I wish and change my mind as and when I like. This applies to people and organisations. It should be up to me to decide who I trust.

For example, I may choose to change my mind about making my records available for Care.data, but do not necessarily want this decision to be known or implemented by my GP surgery.

Care.data: the patient’s view

More personally, I may want to allow one of my children to see my medical record, but not another. I do not want this choice to be publicly known, and I may change my mind a week later.

Shared decision making

Health services are moving on from the era of delegated consent, where I delegated control of my healthcare information to the professionals and let them do as they thought best. In shared decision making I am an active participant – no decision about me, without me.

“Consent management” is the generic name for the techniques used to implement this type of decision electronically. It involves two steps. First, I register my consent; then each access checks my consent status before retrieving any records.

Tim Benson

‘Empowering me with control over who has access to my health records will enhance my trust in the NHS’

The consent system does not know any of my personal data (apart from an assurance that I am who I say I am). Ideally it should be separate from all the systems that use it.

This is an important point. I should only need to express my consent once. A centralised or federated consent management system avoids the problems of consent policy interoperability, which we do not have space to explore here. It should not matter who supplies the system used to create the information or that used to access it. The rules should be enforced by government.

Win patient’s trust

The harder issues of consent management only really arise once we want to share information beyond the information governance perimeter of the specific organisation that created the data (the original data controller).

Consent management relies on identity management but is logically distinct. International standards are available for many aspects of consent management and many suppliers already use them. The decision about what information is to be shared may be based on common metadata covering time limits, information categories and data sources. The consent management system never sees the data itself.

Historically, most IT suppliers sought to provide consent management services within their own systems. This creates enormous difficulties when sharing information across care pathways, the wider web of care and for research purposes.

IT suppliers need a common consent framework that everyone understands. Rather than each supplier trying to map the consent framework onto their system’s view of the world, it makes sense to move the whole consent service into a separate system so that suppliers can focus on delivering the best service for their users. Using a common consent infrastructure, suppliers would no longer need to manage each individual patient’s consents, reducing duplication and simplifying information sharing within and between organisations.

Empowering me with control over who has access to my health records will enhance my trust in the health service.

Tim Benson is founder of Routine Health Outcomes, @timbenson

Topics

1 Comment

Podcast
HSJ Podcast: What the coroners say

2024-04-19T05:00:00Z

It’s easy to get desensitised to disastrous waiting times in the NHS, but behind the numbers are real and avoidable care failures.
News
New executive joins national agency to lead ongoing reforms

2024-04-19T04:00:00Z By Jack Serle

NHS Supply Chain has appointed a new chief commercial executive director to lead ongoing reforms to the agency as well as delivery of day-to-day commercial operations.
News
Trusts and NHSE ‘neglecting whistleblower training’

2024-04-18T11:10:00Z By Nick Kituno

Trusts and NHS England are failing to prioritise training for senior leaders on listening to whistleblowers — despite repeated findings of serious concerns going unheard — the National Guardian’s Office has said.

1 Readers' comment

You're not signed in.

Only registered users can comment on this article.

More from Comment

Comment
How to break the logjam preventing change

2023-12-05T10:09:00Z By Dr Charlotte Augst and Paul Corrigan

Charlotte Augst and Paul Corrigan explore the stark reality of the current healthcare challenges, dissecting policy failures, and proposing an approach to reshape patient-professional interactions for sustainable change in the NHS
Comment
NHSE data platform won’t reach all trusts until 2026

2023-11-23T13:21:00Z By Nick Carding

US firm Palantir has been announced as the provider for the federated data platform but, as senior correspondent Nick Carding writes, that’s just the beginning of the story for NHSE’s latest data endeavour.
Comment
Better community services not more beds are the answer to delayed discharges

2023-11-23T12:36:00Z By Martin Tett

Amid the growing winter healthcare challenges it is imperative to adopt a holistic approach and strategic solutions to enhance elderly care, optimise patient flow, and build an overall resilient healthcare system writes Martin Tett