Patients should be the ones who decide who can see and share their health records, argues Tim Benson
As a patient I want some control over who can see my personal data. I also want to share my data with whosoever I wish and change my mind as and when I like. This applies to people and organisations. It should be up to me to decide who I trust.
For example, I may choose to change my mind about making my records available for Care.data, but do not necessarily want this decision to be known or implemented by my GP surgery.
More personally, I may want to allow one of my children to see my medical record, but not another. I do not want this choice to be publicly known, and I may change my mind a week later.
Shared decision making
Health services are moving on from the era of delegated consent, where I delegated control of my healthcare information to the professionals and let them do as they thought best. In shared decision making I am an active participant – no decision about me, without me.
“Consent management” is the generic name for the techniques used to implement this type of decision electronically. It involves two steps. First, I register my consent; then each access checks my consent status before retrieving any records.
The consent system does not know any of my personal data (apart from an assurance that I am who I say I am). Ideally it should be separate from all the systems that use it.
This is an important point. I should only need to express my consent once. A centralised or federated consent management system avoids the problems of consent policy interoperability, which we do not have space to explore here. It should not matter who supplies the system used to create the information or that used to access it. The rules should be enforced by government.
Win patients’ trust
The harder issues of consent management only really arise once we want to share information beyond the information governance perimeter of the specific organisation that created the data (the original data controller).
Consent management relies on identity management but is logically distinct. International standards are available for many aspects of consent management and many suppliers already use them. The decision about what information is to be shared may be based on common metadata covering time limits, information categories and data sources. The consent management system never sees the data itself.
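The two steps described earlier (register a consent, then check it before each retrieval) and the metadata-based decision can be sketched as follows. This is an added example, not part of the original article; every class, function and identifier name is hypothetical and the sample record is constructed.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Consent:
    """One grant: metadata only, never the clinical data itself."""
    grantee: str            # person or organisation the patient trusts
    categories: frozenset   # information categories covered
    sources: frozenset      # data sources (original data controllers) covered
    valid_from: date
    valid_until: date       # time limit on the grant

class ConsentService:
    """Stands apart from the record systems; holds grants keyed by patient id."""
    def __init__(self):
        self._grants = {}   # patient_id -> {grantee: Consent}

    def register(self, patient_id, consent):
        # Step 1: the patient registers (or replaces) a consent.
        self._grants.setdefault(patient_id, {})[consent.grantee] = consent

    def withdraw(self, patient_id, grantee):
        # The patient changes their mind; effective from the next check.
        self._grants.get(patient_id, {}).pop(grantee, None)

    def permits(self, patient_id, requester, category, source, on):
        # Step 2: default deny; allow only if every metadata test passes.
        c = self._grants.get(patient_id, {}).get(requester)
        return (c is not None
                and category in c.categories
                and source in c.sources
                and c.valid_from <= on <= c.valid_until)

def fetch(record_store, consents, patient_id, requester, category, source, on):
    """A record system consults the consent service before any retrieval."""
    if not consents.permits(patient_id, requester, category, source, on):
        raise PermissionError("no current consent for this access")
    return record_store[(patient_id, source, category)]

# Constructed sample data: one record and one time-limited grant.
STORE = {("p1", "gp-surgery", "medication"): "constructed sample entry"}
SERVICE = ConsentService()
SERVICE.register("p1", Consent("child-a", frozenset({"medication"}),
                               frozenset({"gp-surgery"}),
                               date(2024, 1, 1), date(2024, 1, 31)))
```

Only the record system touches `STORE`; the consent service decides from grantee, category, source and date alone, so it can be run by a different party from any supplier's record system.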
Historically, most IT suppliers sought to provide consent management services within their own systems. This creates enormous difficulties when sharing information across care pathways, the wider web of care and for research purposes.
IT suppliers need a common consent framework that everyone understands. Rather than each supplier trying to map the consent framework onto their system’s view of the world, it makes sense to move the whole consent service into a separate system so that suppliers can focus on delivering the best service for their users. Using a common consent infrastructure, suppliers would no longer need to manage each individual patient’s consents, reducing duplication and simplifying information sharing within and between organisations.
Empowering me with control over who has access to my health records will enhance my trust in the health service.