)

The plan envisages spending huge sums of money (£3.2bn) on IT projects of a gigantic scale. The specifications of the ICRS have been kept secret, and there are many concerns about what is planned, not only about the effect on clinical services as viewed from frontline clinicians, but also from the points of view of security, confidentiality and erosion of civil liberties (also see Vulnerable to erosion (www.hi-europe.info/files/2001/9987.htm) .

For a sneak summary of the proposed project, please see the Guardian Unlimited article by Michael Cross
www.guardian.co.uk/online/story/0,3605,975139,00.html

Dr Ahmad Risk
Editor

. The Integrated Care Record Service and issues of security, confidentiality and civil liberties

The government have wanted an accurate population database for some time now. They have previously had suboptimal coverage from the Driver and Vehicle Licensing Authority and the census data, and a database that covers 100% of the population has been elusive. Health records start at day one, cover just about everyone and
fit the bill very nicely, and the powers that be have made no secret of their desire to have access to such a comprehensive set of data. This information has been located in thousands of tiny databases held on disparate systems in general practice, and anything other than administrative data has effectively been off limits to the government.

The solution and indeed now the Holy Grail for the government is to move towards centrally held records and the usurping of general practice IT systems will facilitate this. The host of statistical information from such a bank of data would unquestioningly help the planning and delivery of healthcare, social support, education, housing, transport, policing, and management of asylum seekers. As the list of services which might benefit from this data gets longer, the relationship to 'health' becomes more tenuous. Even so it can certainly be argued that language, ethnicity, religion, housing, social circumstances etc all directly affect health and many of us have felt pressure from primary care organisations recently to record this type of data in the health record, where previously much of this might have been considered the remit of social services.

A problem arises not just in having administrative data centralised (although this is a can of worms in its own right), but in having that central record based on and linked to the health record. Blair's notion that someone from London who collapses in Edinburgh could have their current virtual health record accessed by a Scottish medical crew might be an admirable goal, but from where I'm standing it seems like pie in the sky.

General practice software in the UK, allegedly as good as any in the world, was never designed to be used and shared in this way. In order to do so, every item of data which has been recorded (or which needs to be shared)
should have several extra pieces of information attached. At the very least this should include the identity and non-repudiable signature of the diagnosing clinician or healthcare worker, a list of which person or group of people have been given the patient's permission to access and or change that information and a list of which persons have actually done so and when.

Incredibly, although many of us are working in 'paperless' practices, there is still no system in place to be able to unequivocally identify ourselves electronically.

It is possible to do this but a nationwide solution is some way off (years). When that solution arrives AND when we have debated the issue of informed consent AND devised a system of classifying a tiered level of access to
secure data AND labelled the data with the appropriate access permissions, only then can we start to think about centralising healthcare records.

I believe we are several years away from being able to do this. If and when the technological solutions become available it will be a very major undertaking to role out, educate and train tens or hundreds of thousands of NHS staff. If we the current gatekeepers of this sensitive data allow it to become centralised before there are systems in place to safeguard confidential access then we will have irreparably broken the trust put in us by our patients — at some considerable cost.

Even if we were to be satisfied that an appropriate system controlling access to records had been implemented, let's not forget the thorny issue of non-consensual access by the government. The very existence of non-consensual access significantly erodes the doctor–patient relationship which is based on confidentiality. The illogical inclusion of cancer registries (over any disease for which records-based research holds promise) which do not require patient consent have already eroded privacy and this pernicious process will doubtless continue under the noble cause of information for health.

Social services and the benefits agency, for example, are likely to have varying degrees of access to records, but will this be consensual? I have never been asked by the police for non-consensual access to patient data, but in the current system if such a request occurred I would be able to scrutinise the indications and discuss with my defence organisation. Imagine the enormous complexity and sophistication required by a system which might be expected to grant online access for such request automatically using password protection. Once such a system were in place GPs would probably be none the wiser as to who had seen what. This is an enormous undertaking which has never been attempted before. I wonder what chance the government stands of implementing a reliable solution with appropriate safeguards and controls over access to patient data given the following:

a) the government's current questionable agenda;

b) limited funds and unrealistic timetables; and

c) a dismal track record with large IT projects.