This article first appeared on 15.9.10 on digitalhealth.net.
I’ve just returned from the EMIS National User Group. It’s a shame that numbers seemed down on previous years, as the keynote was the first for ages at which we were not just promised jam tomorrow.
The day before the event started, EMIS was able to announce that it had got roll-out approval for EMIS Web, and that it would be starting a controlled roll-out pretty much immediately.
Reasons for confusion
There were a number of other interesting talks. In them, the phrase I heard most was data sharing agreements.
Now, I have to admit to having been a little ostrich-like whenever this topic has come up. I’ve been happy to allow more interested and informed people than me to try and sort it out. But am I alone in now being completely confused?
I think I understand the basics re EMIS Web. A patient can consent to share data with the Summary Care Record and/or consent to share data with local partners via EMIS Web.
This second consent can be done at the partner’s site to avoid having to pre-consent everyone; but the practice as data controller has to agree a data sharing agreement with the local partner first.
So if a patient turns up at a local partner (let’s say A&E) and their practice has a data sharing agreement in place, then they can consent face-to-face to let the clinician see their record. This works and, indeed, my local hospital is championing it with its diabetes service.
What I don’t understand is why, if a patient turns up and consents, a partner can’t see the data if the practice hasn’t agreed – even though the data may be there on EMIS Web. If the patient consents, surely it’s ok?
We have a local practice opting out of sharing data because it is worried about the records of patients who have opted out being breached. But this means all the patients of the practice who would like to share their data are excluded. Is this the greater good for the greater number? Have they asked them? I doubt it.
Another example, which I think I understand, is a patient from a practice that has agreed to share data turning up at a partner’s unconscious. In this case, the consultant in charge can consent for the person to look at their records – I think this is well understood.
Now what if the patient had opted out previously – that is, asked for their own records not to be shared? If they were unconscious, my understanding is their consent could be given by the consultant in charge – despite it being a change of mind – and this would be legal.
Indeed, perhaps few would argue against this approach at a life threatening time. But, again, if the practice hadn’t agreed to share data with the A&E department it wouldn’t be able to see the patient’s record, despite being able to consent for them.
It seems to me that the legal, moral and practicable are getting mixed up here. In the case above, it could be argued, morally, that since the patient had expressed a previous wish not to have their record accessed, this shouldn’t be done by the consultant in charge – even though it would be legal.
More reasons for confusion
It gets more confusing. When I speak to practices that refuse to sign a data sharing agreements, it seems that some at least do this without consulting their patients or in response to a vocal minority that don’t want ‘Big Brother’ to access their notes. They aren’t thinking of the admittedly rare cases where it might be vital.
When I speak to patients about why they refuse to give consent to share data, the reasons tend to be different. Although some are concerned about ‘Big Brother’, more seem worried about their cleaner’s husband who is a porter at the hospital accessing their records.
This is one of the more unlikely things to happen. Without the correct log-on or card or password – all of which are role based – no access will be granted. Where access is granted, it will always be logged.
In fact, EMIS Web sends an immediate report to the data controller that a breech has taken place in the form of an email, meaning that it isn’t reliant on people checking retrospective logs.
So in reality, the computer system is a lot more secure than pushing paper notes around a hospital in a shopping trolley.
Plus, any member of staff must know if they are caught looking at records they shouldn’t be looking at they will be in for the sack, at the very least. I suppose there might be a temptation if there was a lot of money to be made from a patient that was famous. But the cases in which this would be enough to give up a career and face prosecution must be low.
Time to start explaining
Some experts have probably just read my thoughts on this and wept at my naivety. However, nobody I have spoken to in the real world understands this any better.
The default position at most practices seems to be either to opt out of sharing or to opt in without explaining to patients what this means.
As sharing is one of the big features of EMIS Web, my recommendation to EMIS would be to start preparing presentations and handouts for medical staff, non medical staff and patients on the ethics, legalities and practicalities of data sharing before we all get into a mess.