BREATHING COUNTRY
The use of electronic patient records in medical research
Preparatory pack
Theatre of Debate速
1
TABLE OF CONTENTS INTRODUCTION………………………………………………........……......……......... 1 PREPARATORY MATERIALS……………………………………………………… 2
Introduction…………………………………………………………………………………………………..……………………….. 3 Introduction to Breathing Country…………………………………………………….………………….. 3 Aims……………………………………………………………………………………………………………………… 3 Breathing Country in your school………………………………………………………………………….. 3 Sensitive issues…………………………………………….………………………………………………………. 3 Any questions……………………………………………………………………………………………………….. 4 Fast track……………………………………………………………………………………………..……………….. 4 What is the Electronic Patient Record Initiative?...............................................………………………. 5 Breathing Country: Characters……………………………………………………………………………………………….. 6 Breathing Country: Synopsis ………………………………………………………………………………………………….. 7 The Issues …………………………………………………………………………………………………………………………….. 10 Preparatory Lessons……………………………………………………………………………………………………………… 12 PREPARATORY LESSON 1: What does it mean?........................................................ 12 PREPARATORY LESSON 2: What do we feel?.........................………………………………..13 PREPARATORY LESSON 3: Sculpture…………………………………………………………………….. 14 PREPARATORY LESSON 4: What do we think?..........................................................15 PREPARATORY LESSON 5: I’d like to ask………………………………………………………………..17 Glossary ……………………………………………………………………………………………………………………………….. 18 Development of Breathing Country: Advisory Group Members ……………………………………………. 21 Development of Breathing Country: Transcript of Workshop Day…………………………………………. 22
2
INTRODUCTION
INTRODUCTION BREATHING COUNTRY
Welcome to the Breathing Country Teacher’s Pack. We hope you will find it full of useful content that will help you to make the most of Breathing Country in your school. With the intention of making this pack as easy as possible to use and navigate we have split it into 5 sections and the contents of each section are colour coded accordingly. It is not expected that everyone will read the whole pack and consequently we have created lesson plans that can be pulled out and used independently of the rest of the pack. The lessons themselves have been put together with KS4 students in mind; however they can be adapted to suit other groups. They are provided as a stimulus to help you to make the most of the play and we would encourage you to modify them according to your needs. The Preparatory section of this pack contains introductory information that will give you a background to the play. It also contains much of the information that was collated to develop the play. The lessons in this section are designed to help your students get to grips with some of the vocabulary and themes specific to this project. Whilst not essential to an understanding of the play, which can stand alone, we would encourage you to cover some of the topics to ensure that your students make the most of the live performance and subsequent debate. The Post Show Discussion Triggers are provided to help you facilitate in-class discussions after seeing the play. They are not lesson plans, but starting points for discussion that will help you and your students follow up the play and continue some of the debates that will inevitably follow the performance. The Post Show Lesson Plans are targeted at specific subject areas and are designed to link with specific areas of the curriculum. The curriculum links are clearly stated on the first page of each lesson. However, it is worth reading lesson plans that fall outside your specific subject as there is some overlap between the lessons and some may be suitable for more than one subject area. Finally the Articles are provided to support specific lesson plans – but may also be useful background reading when considering the themes of Breathing Country. We hope this pack suits your needs and would be grateful for any thoughts you might have that will help us develop these resources.
We look forward to debating with you! Y Touring Theatre Company 3
PREPARATORY MATERIALS
4
INTRODUCTION
Introduction INTRODUCTION TO BREATHING COUNTRY Breathing Country explores the social, moral, scientific and political questions raised by the use of electronic patient records from general practice for medical research and is the eleventh in the Theatre of Debate® series of projects developed and produced by Y Touring. The project has been developed in partnership with the Royal Academy of Engineering and is supported by the Wellcome Trust. Janet
AIMS
I’m a clinical psychiatrist – so if I’m seeing someone and I don’t have their record, I spend half their time trying to establish what’s wrong with them – and what if their account isn’t reliable? 5000 people die in the NHS every year because the people treating them don’t have the correct information.
The overall objectives of the programme (play, debate and educational resources) are, through theatre and debate, to: •
•
•
Encourage informed debate about the potential of using electronic patient records for research and the issues raised for individuals and society (including issues such as trust, privacy and consent) Clarify what the misunderstandings are and provide engaging stimulus material to provoke discussion in order to gather both quantitative and qualitative data on the attitudes and concerns of the target audiences Provide a starting point for learning about new developments in medicine and biology
BREATHNG COUNTRY IN YOUR SCHOOL The play will be followed by a workshop/debate involving the characters in which students will be able to clarify and deepen their understanding of the issues raised by the play. In addition to the suggested preparatory lessons we have provided a selection of cross curricular learning resources, which can be found at www.ytouring.org.uk SENSITIVE ISSUES Like any good drama, Breathing Country raises some challenging issues including depression, panic attacks and suicide. When discussing the play, after the students have seen it, it is important to ensure that there is respect and trust within the group to enable open discussion. It is advisable to set clear ground rules with the students before discussion. The ground rules should focus upon listening and respect for differences in opinion. 5
ANY QUESTIONS If you have any questions after reading through the information, please don’t hesitate to contact Y Touring Theatre Company. Tel: +44 (0)207 520 3090 Email: info@ytouring.org.uk Web: www.ytouring.org.uk FAST TRACK
If you are short on time, we suggest that you prioritise the ‘What Does it Mean?’ and the ‘What Do We Think? activities, as they offer the most direct way to prepare your students for the play. In order to prepare yourself we suggest you familiarise yourself with the synopsis, the debate and the two newspaper articles (Articles 1 and 2) containing opposing viewpoints on the introduction of electronic patient records.
6
ELECTRONIC PATIENT RECORDS
What is the Electronic Patient Record Initiative? ELECTRONIC PATIENT RECORD The NHS National Programme for IT (NPfIT) is an initiative by the Department of Health in England to move the National Health Service (NHS) towards a single, centrally-mandated electronic care record for patients and to connect 30,000 General Practitioners to 300 hospitals, providing secure and audited access to these records by authorised health professionals. The Department of Health agency NHS Connecting for Health (NHS CFH) is responsible for delivering this programme. In due course it is planned that patients will also have access to their records online through a service called Health Space. NPfIT is said by the NHS CFH agency to be "the world's biggest civil information technology programme". Richard
The NHS deals with 1 million patients every 36 hours. That’s 463 people a minute, or eight people a second. As we record these encounters, the most astonishing picture will begin to emerge – of vital importance to the way we research the incidence and treatment of diseases, for determining how we manage our service, and to ensure the care of our patients themselves. Ladies and Gentleman, the new NHS database, the Electronic Patient Record, will harness the incredible power of our greatest untapped resource – information. The largest such resource in the world, the Electronic Patient Record provides us with the most fascinatingly detailed picture of a country anyone has every seen…. Just think what we can learn about ourselves!
Janet
Imagine I’m unconscious and turn up in A&E and I’m allergic to antibiotics but because no one knows that they treat me with penicillin. With these records the people treating me will be able to determine my details very quickly, and potentially save my life. 5000 people die in the NHS every year because the people treating them don’t have the correct information.
The use of electronic patient records for research is a multifaceted and complex topic. The potential benefits for health are clearly evident as patient information can be used to identify disease causes, for the control of epidemics, to monitor drug effectiveness and provide better services. However there are various issues related to the use of such data for both society and the individual, including privacy, consent, access and data security.
7
CHARACTERS
Breathing Country: Characters CHARACTERS Lizzie
Sixteen-year-old Lizzie suffers, like her mother, with depression. She is a gentle, private and sensitive girl who is learning to live with panic attacks and coming to terms with the death of her mother.
Simon
Seventeen. In love with Lizzie but uncertain of their relationship. He is confident, sparky and a digital junkie (twitter, facebook, googlemaps). He has a charm and charisma about him and is completely open; he has no secrets.
Richard
Forty-five. The Director of Communications at the Department of Health, he is also Lizzie's father. His high powered job means he has little time for his daughter. He is a brash, confident and sometimes aggressive businessman. Nonetheless, beneath his hard exterior he has a sensitivity that he finds difficult to express.
Janet
Forty. Works for the NHS. She is a passionate and gifted consultant psychiatrist/researcher and supports the introduction of the Electronic Patient Record to help her in her work. She is very honest and takes her work extremely seriously but is under enormous pressure and as a result can be scatty.
8
SYNOPSIS
Breathing Country: Synopsis SYNOPSIS
After six months hiding from the world, Lizzie (17), is ready for Life again. Six months ago, following the mysterious death of her mother, she pulled all information off her Facebook profile, and ceased all communication. She could not bear the world asking about her. But this morning is different. She switches on her machine and searches for Life. She realises that she wants to Live again. Technophile Simon shares everything on the internet. Lizzie’s sudden withdrawal from cyberspace left him bereft, and he has been gazing at Lizzie’s profile, waiting for a change. But today something is different – she has sent him a message: Lizzie is ready. Meanwhile, Lizzie’s father, Richard, unable to cope with the bitterness and anger surrounding his wife’s death, has become trapped by grief. Boiling in silence, he is unable to relate to his daughter, and has thrown himself into his work. Richard is Communications Director at the Department of Health, and is trying to launch the NHS Electronic Patient Record – the biggest computer engineering project in the world. In the past, he was famous for knowing how the public want to ‘feel’ about such great endeavours, but since his wife’s death he has lost his gift he doesn’t know how to tell the ‘story’ to the public. And he has a new problem – a journalist has obtained leaked information suggesting the database is not ready to handle sensitive patient information… Richard is shocked by Lizzie’s sudden positivity, when she comes to find him at his office, and he wonders what has happened inside her. Pushing Lizzie away, he meets Janet, a gifted but fluster-brained clinical psychiatrist who has been campaigning for the introduction of the database. It becomes plain that Richard hasn’t been taking the privacy issues about the database seriously – he doesn’t know what privacy ‘feels like’. But when Janet tells him about a research study she is conducting, he goes pale… Later that evening, Lizzie meets Simon, and he is joyous when she promises to attend a friend’s house-party for her ‘relaunch’. But there is an elephant in the room – and Simon is hurt by her secrecy about the past six months. In a strange moment of tenderness, Lizzie takes a photograph of them together for him to share on his page. But then Richard arrives back home early. Furious that Lizzie appears to be cultivating a ‘secret life’ of her own when she should be churning with bitter grief, an outburst sends a distraught Lizzie scattering away. On the verge of 9
throwing Simon out, Richard hesitates when Simon gives him a brilliant lead for the database story. Later, Lizzie returns to her profile page, and witnesses a frenzy of comments over the freshly uploaded picture of her with Simon. Unable to cope with this sudden exposure, she suffers from a panic attack. A week later, Richard successfully launches the database, and Simon and Lizzie are preparing to go to the party. Lizzie struggles between her desire to go, and her belief that she will have an attack when she gets there. Simon tries to comfort her, but wishes she would tell him how he could help. The party is a great success, and Lizzie returns home drunk on life. But when she wakes up, Richard is waiting for her. He had been fretting that she had abandoned him. Moreover, a letter from the NHS has arrived for her, and Richard is paranoid that it is about him. But when Lizzie reads the letter, she is shocked. It asks her if she consents to being contacted about taking part in a research study led by Dr Janet Greig, concerning the mental health of young people. She has been identified because her medical record showed she had reported suffering attacks. As a result of what she regards as an abuse of her privacy, she has a severe attack. The next day, she goes to accost Janet at the hospital, in defence of her privacy. Janet, at heart a good clinician, is horrified that Lizzie has been hurt by the use of her data in this way, but can also see that Lizzie desperately needs professional help. Talking to Lizzie, she gives Lizzie a glimpse of a future without these attacks – if she were to undergo some Cognitive Behavioural Therapy. Lizzie, seeing a way out, begins to open up a little about the circumstances of her mother’s death. They arrange another appointment. Since the party, Simon has been unable to contact Lizzie, while Richard has concluded that he must do something to avert a disaster with his daughter. Fretful that she may be at risk to herself, Richard suggests to Lizzie that they take a short break to talk about things. But Lizzie responds that she ‘can’t do Mondays’, but won’t say why. When Richard wonders aloud whether Lizzie might be ‘like her mother’, Lizzie bursts out into the night. Richard contacts Simon over Facebook and asks him if he can find out where Lizzie is going. Simon can’t resist such a data search, and the next day follows Lizzie to the hospital, from where he reports to Richard. In despair, Richard lashes out at Simon, and orders him off – he doesn’t want his daughter anywhere near a dirty snoop. 10
Inside the hospital, Lizzie is meeting Janet. Having established trust, and privacy – breathing country - Lizzie finally opens up about her mother’s suicide, and begins a healing process. But this involves data entry about Lizzie onto a computer. Janet may well be a gifted clinician, but she does not understand the technology, and is so overworked that she leaves her computer terminal vulnerable to furious, confused snoopers who may be loitering around the hospital, looking for answers. Richard, meanwhile, frantically tries to locate Lizzie, convinced she is in danger of committing suicide. Finally getting in touch, he asks her to come and visit him at work. As Lizzie travels to Richard, Simon contrives to bump into Lizzie. Now aware and sensitive to her condition, he is still hurt – and when Lizzie promises she will tell him everything this evening – after she has gone to see her father – she does not understand the dread filling Simon’s heart – if only he’d waited a day, he wouldn’t have had to spy on her – and now her father will tell her he followed her! How can he stop her from finding out about his spywork? And so it proves. All this time, Richard has been unable to empathise with his daughter – and now – in a panic – he demands that Lizzie ‘come clean’ about her trip to the hospital. Discovering she has been spied on, she is crushed, and has a final, serious attack, in which she passes out. While she is unconscious, Simon bursts into the office, intent on preventing Lizzie from knowing about his treachery. When Lizzie, wakes up, a showdown ensues in which Lizzie tells Simon she never wants to see him again. Furious now at what he sees as his mistreatment, Simon vows revenge as he leaves. Meanwhile, in the face of Richard’s emotional dysfunction, Lizzie threatens to ‘expose’ him – to tell everyone what happened to his wife. Although he has ‘nothing to hide’, now he knows what the need for privacy ‘feels like’. Later that day, Janet finds that the memory stick is missing from her computer… All hell is about to break loose… Ben Musgrave Summer 2009
11
THE ISSUES
The Issues THE ISSUES
Janet
You can check your record, if you register. Or at least a summary. And you can read it in full under the data protection act. And if after I see you, you want to see what I put in your record, you can see that, too, unless there’s a very good reason not to. It’s your record. And if I enter something you think is wrong – then there are things we can do about that. And if there’s anything you want to hide from anybody – you can ‘seal’ it – put it in an envelope so nobody can see it.
Below is a list of some of the debates/discussions that arose in the research and development period for this project and are touched upon in the play. Should patients have access to their records? There are advantages and disadvantages to people accessing their own medical notes. They may give useful insights and can express their views, but may also find the information there unhelpful and difficult to understand. There are serious security issues associated with giving patients access to their records. Should making records accessible for research be opt-out or opt-in? Presumed consent will allow more records to be used for research, as few people will actively opt-out. The more complete the data the more meaningful the research. But is it an infringement of choice? Does collecting research data violate personal privacy? Misuse of personal data, such as the use of medical data without consent, is viewed as assault. Is this an accurate assessment? If so, are there ever circumstances where obtaining consent is not necessary? Is this still the case if the data is anonymised? Do users of the NHS have a duty to the service? One of the purposes of the NHS is research, and access to electronic data offers excellent research opportunities. Do people who benefit from NHS care have a right to opt-out of NHS research which could benefit others? Can we successfully restrict access to medical data? Our capacity to build secure systems that adequately protect people’s privacy is limited. The present system is already flawed, and in any security system, electronic or otherwise, the greatest threat comes from inside. Understanding the flaws in the design may help us plan for inevitable security breaches. 12
Who else might use this data? Other parties might have interest in this data: the media, insurance companies, governments. Once the data exists and is collated we can never be certain of how it will be used. Should private benefit be sacrificed for the public good? Healthcare is a political subject and the debate can become polarised into left and right wing arguments. The decisions made now may reflect the current political climate, but will have consequences far into the future. Will fears over privacy cause a backlash or prevent patients using the NHS? Public scares and a backlash against the new system could make people unwilling to access healthcare, create a society where the rich can afford to opt-out or cause serious damage to confidence and trust in the welfare system. Richard
12 billion for a few bits and bobs – Doctors and nurses lives made a bit easier! The appointment system made a bit easier! A bit safer in A&E! A bit easier to do medical research! People aren’t interested in four things getting a bit easier, Barry, they want to be told a story they can understand! They want to know how it will FEEL.
You may also wish to refer to Articles 1 and 2 at the back of this pack. The articles feature two very different viewpoints and touching on the bigger questions relating to privacy, trust, and the common good.
13
PROCESS
OBJECTIVE
PREPARATORY LESSON 1: What does it mean? A discussion exercise to ensure that your students are familiar with the key terms and phrases referred to in the play.
1. Explain that you are going to say a word or phrase and that when you call out their name, you want each of your students to say the first word that comes into their head. 2. Explain that if they can’t think of a word or if their mind goes blank, they can say ‘Pass’.
WORDS AND PHRASES
3. After each round clarify the actual meaning of the word or phrase if appropriate and discuss as a class some of the associations that have been shared. Trust
Engineer
Patient confidentiality
Private
Database
Suicide
Medical research
Anonymised data
Panic attack
Social networking
Electronic patient records
14
PROCESS
OBJECTIVE
PREPARATORY LESSON 2: What do we feel? To explore the emotions associated with some of the key phrases associated with electronic patient records.
1. Explain that you are going to say a word or phrase and that when you call out their name, you want each of your students to say the emotion that they associate with that word. 2. Explain that if they can’t think of a word or if their mind goes blank, they can say ‘Pass’.
WORDS AND PHRASES
3. Discuss as a class some of the associations that have been shared. Depression
Data breach
Panic attack
Medicine
Government
Doctor
Identity fraud
15
PROCESS
RESOURCES
OBJECTIVE
PREPARATORY LESSON 3: Sculpture To enable a non-verbal student exploration of pre-conceptions about electronic patient records.
A large empty classroom or drama studio
1. Split the class into groups of three - A, B and C (the odd group of four is fine). 2. A’s, are the sculptor, B and C (+ D’s if required) are the sculptor’s ‘clay’. Ask the sculptor to guide the clay into a picture that you will describe.
SCULPTURES
3. After each one, invite the whole group to look at each other’s sculptures and comment on what they see. Sculpture One: Privacy Sculpture Two: Surveillance Sculpture Three: Anxiety Sculpture Four: Trust Sculpture Five: Depression
16
PROCESS
RESOURCES
OBJECTIVE
PREPARATORY LESSON 4: What do we think? To prepare your students for the debate that will follow the play. The debate will explore what your students think about electronic patient records.
A large empty classroom or drama studio
1. Ask your students to stand in the centre of the space. 2. Explain that there is an imaginary line running down the centre of the space, one end of the line represents ‘Agree’ and the opposite end of the line represents ‘Disagree’. The middle of the line is ‘Don’t Know’. 3. Explain that you are going to read out a series of statements. If they agree with the statement they should go and stand at the end of the line that is ‘Agree’. If they disagree they should go and stand at the end of the line that is ‘Disagree’. If they are not sure or don’t know what they think they should stay in the middle. 4. After they have taken up their positions, ask your students to explain why they have chosen their position. After hearing from several students give your group the opportunity of changing their position.
STATEMENTS
5. Repeat the process for each statement. 1. I'm happy for absolutely anyone to know all the details of my medical history 2. I want to have control over who knows the details of my medical history 3. I'm happy to let my doctor decide who knows the details of my medical history 4. I trust all medical researchers to keep my data confidential 5. I’d want to know if my data was used in a scientific paper
17
6. I'm happy to reveal my medical history if it could help someone else get better treatment 7. I'm happy to reveal my medical history if it could help a British company make money and create jobs. 8. I’d be happy for my data to be used to develop a new drug to treat cancer 9. I’d be happy for my data to be used to develop a more effective abortion pill 10. I’d want to know if my data showed I had a 50% chance of being affected by a particular disease 11. I’d want to know if my data showed I had a 50% chance of having a disabled child
18
PROCESS
RESOURCES
OBJECTIVE
PREPARATORY LESSON 5: I’d like to ask To prime students for the questions that they will have the opportunity to ask in the debate section of the production of Breathing Country.
Pen and paper
1. In pairs, ask the students to come up with two questions. Both are for people who have strong opinions on electronic patient records: •
•
Question 1 is for a medical researcher who thinks that patients' information should be used for medical research unless there is a specific reason not to. Question 2 is for someone who thinks that the government will loose data from the electronic patient record and leave patients potentially open to identity fraud.
2. Ask the students to make a note of the questions and then share them with the class. They could also take the questions with them into play and ask them in the debate.
19
GLOSSARY
Glossary GLOSSARY Anonymised Data Data prepared from personal data but from which the person cannot be identified by the recipient of the information. Data Breach
The unintentional release of secure information to an insecure environment. This may include incidents such as theft or loss of digital media such as computer tapes, hard drives, or laptop computers containing such media upon which such information is stored unencrypted, or posting such information on the world wide web or on a computer otherwise accessible from the Internet without proper information security precautions.
Depression
An illness that involves the body, mood, and thoughts, that affects the way a person eats and sleeps, the way one feels about oneself, and the way one thinks about things. A depressive disorder is not the same as a passing blue mood. It is not a sign of personal weakness or a condition that can be wished away. People with a depressive disease cannot merely "pull themselves together" and get better. Without treatment, symptoms can last for weeks, months, or years. Appropriate treatment, however, can help most people with depression.
Electronic Patient Records (EPR) An individual patient's medical record in digital format. Electronic patient record systems coordinate the storage and retrieval of individual records with the aid of computers. There are different types of electronic patient record. Summary Care Record (SCR), containing basic information. Local Detailed Care Records (DCRs), containing more comprehensive clinical information. Secondary Uses Service (SUS) which will provide access to aggregated data for management, research and other ‘secondary’ purposes. Epidemiology
Epidemiology is the study of factors affecting the health and illness of populations, and serves as the foundation and logic of interventions made in the interest of public health and preventive medicine. It is considered a cornerstone methodology of public health research, and is highly regarded in evidence-based medicine for identifying risk factors for disease and determining optimal treatment approaches to clinical practice. In the study of communicable and non-communicable diseases, 20
the work of epidemiologists ranges from outbreak investigation to study design, data collection and analysis including the development of statistical models to test hypotheses and the documentation of results for submission to peer-reviewed journals. Epidemiologists also study the interaction of diseases in a population, a condition known as a syndemic. Epidemiologists rely on a number of other scientific disciplines, such as biology (to better understand disease processes), Geographic Information Science (to store data and map disease patterns) and social science disciplines (to better understand proximate and distal risk factors). Facebook
Facebook is a social networking website. Users can join networks organised by city, workplace, school, and region to connect and interact with other people. People can also add friends and send them messages, and update their personal profiles to notify friends about themselves. The website's name stems from the colloquial name of a book given to incoming students at Facebook creator, Zuckerberg's, high school alma mater, Phillips Exeter Academy. The book shows the faces and names of the school's students and faculty.
Google Earth
Google Earth is a virtual globe, map and geographic information program that was originally called Earth Viewer, and was created by Keyhole, Inc, a company acquired by Google in 2004. It maps the Earth by the superimposition of images obtained from satellite imagery, aerial photography and GIS 3D globe.
Google Street View
Google Street View is a feature of Google Maps and Google Earth that provides for many streets in the world 360째 horizontal and 290째 vertical panoramic views from a row of positions along the street (one in every 10 or 20 meters, or so), from a height of about 2.5 meters. It was launched on 25th May 2007 and has gradually expanded to include more cities, and in these cities, more streets and also some rural areas.
NPfIT
The NHS National Programme for IT (NPfIT), is an initiative by the Department of Health in England to move the National Health Service (NHS) towards a single, centrally-mandated electronic care record for patients and to connect 30,000 General Practitioners to 300 hospitals, providing secure and audited access to these records by authorised health professionals. The Department of Health agency NHS Connecting for Health (NHS CFH) is responsible for delivering this programme. 21
In due course it is planned that patients will also have access to their records online through a service called Health Space. NPfIT is said by the NHS CFH agency to be "the world's biggest civil information technology programme". Online Social Networking A social network service focuses on building online communities of people who share interests and/or activities, or who are interested in exploring the interests and activities of others. Most social network services are web based and provide a variety of ways for users to interact, such as e-mail and instant messaging services. Social networking has encouraged new ways to communicate and share information. Social networking websites are being used regularly by millions of people.
Panic attacks
Panic attacks are sudden, discrete periods of intense anxiety, fear and discomfort. The onset of these episodes is typically abrupt, and may have no obvious triggers. Although these episodes may appear random, they are a subset of an evolutionary response commonly referred to as fight or flight that occur out of context. This response floods the body with hormones, particularly epinephrine (adrenaline), that aid in defending itself from harm. Experiencing a panic attack is said to be one of the most intensely frightening, upsetting and uncomfortable experiences of a person's life.
Twitter is a free social networking and micro-blogging service that enables its users to send and read messages known as tweets. Tweets are text-based posts of up to 140 characters displayed on the author's profile page and delivered to the author's subscribers who are known as followers. Senders can restrict delivery to those in their circle of friends or, by default, allow open access. Users can send and receive tweets via the Twitter website, Short Message Service (SMS) or external applications. While the service costs nothing to use, accessing it through SMS may incur phone service provider fees. Since its creation in 2006 by Jack Dorsey, Twitter has gained notability and popularity worldwide.
Sources
http://www.encyclopedia.com http://encarta.msn.com/ http://en.wikipedia.org http://www.bbc.co.uk http://www.bris.ac.uk/secretary/dataprotection/research/anonymising.html www.publications.parliament.uk/pa/cm200607/cmselect/cmhealth/422/422.pdf http://www.medterms.com
22
ACTIVITY
Development of Breathing Country: Advisory Group Members ADVISORY GROUP MEMBERS The process of creating Breathing Country relied upon the input of an Advisory Group of experts with a range of different viewpoints on the issue of electronic patient databases: Gus Hosein Visiting Fellow, London School of Economics Martyn Thomas FREng Director and Principal Consultant, Martyn Thomas Associates. Prof. Simon Wessely MD FMedSci Professor of Epidemiological and Liaison Psychiatry at the Institute of Psychiatry, King’s College London, and Honorary Consultant Psychiatrist at King’s and Maudsley Hospitals Dr Marlene Winfield OBE Head of Public Engagement for the National Programme for IT in the NHS Dr Trevor Yellen General Practitioner, Killick Street Community Health Centre, Kings Cross At the start of the project these experts, along with young people from local schools, were invited to participate in a workshop exploring perceptions around the issues arising from the use of electronic patient records in medical research. For further information about the invited speakers, and film footage of their presentations, please see the resources page of Y Touring website: www.ytouring.org.uk
23
ACTIVITY
Development of Breathing Country: Transcript of Workshop Day TRANSCRIPT OF WORKSHOP DAY Below is a summery of the opinions and presentations expressed during the Y Touring workshop day where writers, young people, patients and the advisory group talked about the issues surrounding electronic patient records. A GP’s Perspective Dr Trevor Yellon I have a few rather dry slides to talk around, but I would like to begin with a story. A 39 year old woman, a mother with two children and a journalist, went for a private, surgical procedure, and in the days following she became unwell. She saw a GP, who found that she had flu-like symptoms and thought little of it. He did not realise that he was the seventh GP to see her, not one of her doctors was aware of her appointments with the others. She became progressively unwell and died from septicaemia a few days later. The number of times someone requires medical help for a condition can be significant for their diagnosis, and had the doctors she saw been fully aware of the situation she may have been sent to hospital. There is now a big court case over her death. With that in mind, my personal perspective is that electronic patient records are a good thing. Currently notes are written on a computer and when they go to another GP the record is printed, a summary is typed up, it is sent by post and then filed. This process has many disadvantages. • • • • •
It is slow and laborious. Doctor’s handwriting is notoriously poor. The system leads to errors in the way notes are recorded. It is of no help to hospitals or A&E who do not have access to your records when they treat you. The records take up lots of space and are fiddly to use, which takes time out of each 10 minute consultation.
The new system will remove these problems but new problems will arise. There is a big worry about data security and viruses and we have all heard the stories of lost laptops and CDs with personal data on them. The system is very expensive, and the funds for it are coming from the Department of Health. Staff will need to be trained to use it, I’ll have to fire my note summariser and there are confidentiality issues connected with who has access to records, who can alter records, and the profiles of well-known people and celebrities. If I spend all day telling people not to smoke I might not want them to know about my 40-a-day habit. My personal opinion is that I’m asking not to have my notes uploaded to the database, but I am aware that the system is unsustainable as it is. Questions Workshop participant My trust, Chelsea and Westminster, has moved over to an electronic system for records and it’s a joy. It has revolutionised healthcare. Workshop participant I wondered how many cases would have benefited from multiple doctor consultations as in your story? Dr Yellon
Probably very few, this is a personal perspective.
24
Workshop participant Are you more worried about who will access records or about restriction of access? Marlene Winfield
Most of the time it will work fine. People travel and people move, to have access you will have to justify it. The process of access is monitored. For example, A&E see many people and pass them on.
Workshop participant As someone who has been through 7 operations, I have taking to keeping my own medical records so that I am able to go to a doctor with a record of what has happened to me. I think that more patients should take responsibility for their own health in that way. Dr Yellon
We love patients like you, but you are 1 in 150. It sounds like and easy solution but it doesn’t work. Most people won’t take the time to record their own medical notes.
Workshop participant What if patients lie or altar things if they keep their own records? Dr Yellon
They do that at their own risk. People sometimes feel they should behave in a certain way to be believed. I see that every day. People with a cold will exaggerate their symptoms, some people dying of cancer will come in saying it's nothing much. It's part of an ethical view point, but I find that most people tell the truth most of the time.
Marlene Winfield
There is a movement for people to access their own records so that they can see if things are right or wrong, particularly in the case of chronic illness.
Dr Yellon
Sometimes patients can access their own records and add things, such as treatment preferences. I am uncomfortable with patients accessing their own records. Practice letters are now written so that they are directed at patients. I speak a medical language which it took time to learn, and which allows me to communicate information to my colleagues accurately. Translating this for patients takes time and makes it difficult to communicate between hospitals.
Workshop participant I wanted to say that I have been in a position to look up details of people I went to university with. The desire to look is very strong, and I’m a good person who wouldn’t do that! I think that especially with celebrities it would be difficult not to look. Workshop participant Wouldn’t it be possible to have a helpline set up so that clever people who were able to understand the medicine could tell the patients what their notes meant. Dr Yellon
Most illnesses do have support groups, but I can give
25
you an example of the confusion caused. Sometimes pregnant women have a miscarriage, and in medical terms this is referred to as ‘abortion’. To a patient the term abortion means that they underwent a procedure to end the pregnancy. If they had a miscarriage and read the term abortion on their medical notes they may feel that the notes are wrong, when it is, in fact, just the medical term. Workshop participant It is better to share information with healthcare professionals in the case of long term conditions. Workshop participant There should be a system where these people with long term problems can upload information to their records. Workshop participant Who currently has access Pharmacists? Psychologists? Dr Yellon
to
the
records?
No-one has access without consent. Currently the patient has to give consent.
NHS Connecting 4 Health Dr Marlene Winfield OBE I have lived here for about 36 years, although you will be able to tell from my accent that I am not from this country. I’m a wife and mother of two grown up sons. I am the Director for Patients and Public at NHS Connecting 4 Health, which is that part of the NHS that gives people more access to their records and control over who has access. I am a former consumer advocate for the national consumer council where I worked on data protection and privacy, and have worked for pressure groups such as the Prison Reform Trust, so I am a bit of a poacher turned gamekeeper. I am interested in this topic because it is part of my job, but also because I’ve been a researcher and I’ve commissioned research on patients. I’ve benefited from research but I’ve also spoken to people who are worried about their data being used in research, and I’ve seen what happens when there is not enough research. I ran a support group for thousands of women who were injured by a faulty contraceptive, known as Dalkon Shield. Over 200,000 women worldwide were affected. They didn’t know how to protect themselves, their doctors and nurses were unable to give them good advice because there was no way to detect the pattern of things going wrong at an early stage. People have a lot to gain from the collection and analysis of patient data. They can know which treatments are best for which conditions and which patients, get early warnings of problems, and better understanding leads to better prevention. There is a downside – while the majority of people have little in their medical history that could harm them, some people have a lot to loose. There have been some shocking lapses in looking after data by both revenue and customs and the NHS. For some people a privacy breach can mean: • • • •
They can’t get a job Can’t get a mortgage or insurance policy Are singled out at school, home or community e.g. HIV Family might find out about issues such as contraception which could led to problems or even violence.
26
There is no middle ground with the media – on Monday the Guardian front page showed concern over database security, on Wednesday they praised a research breakthrough. So is this play to be about Guardian Angels or Big Brother? The more we can do with the information the greater the conflict of interest. What is more important: private interest or public good? The more complete the data the better the research, so should people be allowed to opt out? Should people have more say over data that names them? Can they say they don’t want their data used in some kinds of research? Should the information people have chosen to hide be used? Who can look through the records to find those suitable? – Doctors and nurses have the right but not the time, researchers have the time but not the right. If the NHS has a duty to its patients, do those patients also have a duty to the NHS? Who should have the power to decide when public good should triumph public interest? The government? Parliament? The Department of Health? The medical establishment? The courts? The people themselves? Questions Workshop participant I’m a doctor by background, and have worked as a GP, in the RAF and in family planning. Our electronic patient record shows so much about us that I think it needs consent. To access it without consent is like data-rape. The public need to think about consent. Many people say they are happy for others to access their records, but we tell our doctors private things and don’t want that data shared. So the question is: how do we give consent? Marlene Winfield
We’re doing a public consultation. This is a complex set of records to flag to have them used in some research.
Workshop participant Which records are held in the doctor’s surgery and which are held nationally? Marlene Winfield
There are three types of records. The hope is that we will link GPs, hospitals and clinics so there is pooled information. To access the system you will need a smartcard. If you request emergency access to a patient you don’t normally see – say in A&E, you need to say why you need access, and the request will be sent off to a reviewer who decides to grant access or not, so the access is audited. The GP keeps a Summary Care Record and it will be possible to access this anywhere in England. You can write in there yourself, and you can have access to your own record so you can see things as they come in. I saw a man with diabetes yesterday who was recently given access to his record. Two weeks later he collapsed and went to hospital where his prescription was changed. This was immediately visible on his notes along with a record of his visit, discharge summary and other details. Patients and information are the most underused resource in the NHS. We currently can’t cope with the demands on the NHS. The patients should take responsibility but we need to give them the tools to do so.
27
Workshop participant You talked about use of this information in terms of life insurance… Marlene Winfield
I was talking about if the information leaked. It is illegal to give information without consent.
Dr Yellon
That’s right, the insurance companies are allowed to ask if you have a condition, but they are not allowed to ask about any negative test results. They are only able to ask if you have an illness.
Workshop participant Have there already been similar systems to this elsewhere in the world? Simon Wessely
In Scandinavia you have a unique personal number which remains with you for life. They have the best epidemiological data in the world as a result. They do great twin studies which would not be possible elsewhere, and yet these are not countries with a reputation for poor civil liberties. The USA has a good, sophisticated system which covers many people. It meant that after hurricane Katrina devastated New Orleans many people could be easily found and helped. Those with paper records found their records were gone. We lag behind systems in some countries but are ahead of others.
Marlene Winfield
Notions of civil liberties vary. For example, in Sweden tax information is public, so you can find out what everyone earns.
Workshop participant I read that in France people own their own records… Marlene Winfield
I don’t know much about this. I think people have a health card which is under their personal control and they can chose to make that information available.
Nigel Townsend
I would like to ask our young researchers if they feel that they have different attitudes to privacy and data sharing from the adults here?
Workshop participant No, I don’t think so. I don’t think that we are any more happy to give away our rights and our information just because we are young. Workshop participant If the NHS is doing this can people who go private avoid it – so can people buy out of the system? Marlene Winfield
Provided that the clinics can meet NHS standards they can have access to records with patient consent. From a personal stand there are three levels of opting in. Red – These are shared records on local systems only. The national database cannot access them. Amber – This is the default setting and records are shared locally. Patient summary is shared nationally with consent. Green – This is a shared record where there is presumed consent for access controls, but not for
28
research. It just means that someone from another health authority could access the file. Dr Yellon
If and when something goes wrong I’m concerned about patients not coming because they are confused.
Simon Wessely
Do you have any evidence that’s the case?
Dr Yellon
No, but I do know that what’s reported in the news directly impacts on my consultations.
Marlene Winfield
The opt out rate for the database in those asked is very low – 0.81%. We sent out letters to people and asked them whether they would like to opt out, then followed up to find out why they hadn’t responded. Most never opened the letter, but still we found that people generally were not bothered.
Workshop participant What happens if the patients move abroad? Marlene Winfield
The NHS keeps the records for a while – around 18 years I think, but it varies between regions, then they are destroyed. There are possibilities for moving records.
An Engineer’s View Martyn Thomas FREng I’m an engineer. I look at big systems. This is an example of a large sociotechnical system and it is important to get it right – the outcome of all the things we’ve been discussing about how people will need to use it – these things need to be right. There are the ethical issues of the balance of benefit and potential harm, and I’ve learned that it is a serious mistake not to get those issues right from the beginning. In this project we have a framework, but we still haven’t worked out the technical issues. ‘I wouldn’t have started from here’ is my position. Where there is a balance of benefit it shouldn’t be imposed. The future is built by engineers and we can only build the world that you want to live in if there is debate. So who debates? • usually the corporations • Governments, who often have no idea what the consequences of their policy will be. • The public – democracy is about informed debate. I now work as an expert witness, so I look at systems which fail. Computers world-wide are very incompetent, but haven’t been around for long. The first computer was built 60 years ago at the University of Manchester. So we are doing well – 60 years after the beginning of civil engineering we hadn’t even invented the brick! But still, most large-scale computer developments fail. Electronic patient records can be of benefit to patients, but there are better and cheaper ways to achieve those benefits than the £10bn that’s being spent on this system. Is this the best way of improving healthcare? The shared view is that privacy is important, and it is very hard to achieve that. A consequence of that is that if we give the patients access to their own records, security is certain to be compromised. We need to accept that it is inevitable and plan for it. We also need to be convinced that the benefits
29
outweigh the risk. So here are the facts: Computer systems contain bugs and you cannot show that a system is secure by testing it. There are still errors. For example, the new Hercules Transporter Aircraft had 1 error per 5 lines of code. There are many ways of attacking a system that is connected to the internet. It is impossible to set up a cost-effective system online. Celebrities will have their data excluded. How famous will you have to be to be excluded from the database? If privacy matters to them why doesn’t it matter to you? Once your records are out they are there forever. The internet never forgets. Making systems secure means making them difficult to use. When Connecting 4 Health rolled out its smartcards the clinicians shared them immediately to avoid the time it takes to log in and go through the auditing procedure. All the research shows that people share these tools, just as in offices all around the country there are post-it-notes with passwords written on them attached to monitors. It is fanciful to suggest that you can keep a log of who accessed a system. People in the real world do not work that way. You can’t tell a doctor that sharing his smartcard with a colleague is unethical when he is getting faster treatment for someone who is bleeding to death. Testing can never make a system secure, and this is why: It is like testing 100 rivets on the Sydney Harbour Bridge at random, finding something wrong with 10 of them and changing those 10. Testing shows you that the tests work. In the physical world things behave in a continuous manner, but you cannot apply this to computers. They do not behave in a continuous way. They are a set of individual states and any one of them can be wrong. There are many ways of attacking a system: • • •
• • •
The easiest is from the inside. You can borrow a password, ID or smartcard You can guess or crack the password… or find it in a car park (as all the government gateway passwords were found on a disk) Obtain it through a phishing attack – these often install a Trojan or keylogger. The computer is then controlled by someone else, usually organised crime. Those who control it then use it to send spam, attack websites and attack databases Man in the middle attacks – feeds back an exchange of data to deal with encryption DNS data attack Social engineering – pretend you are entitled to access
In 1996 NHS staff were trained to look for bogus phone calls. They were told to use a phonebook to look up the number of the organisation the person said they were calling from, and call them back on that number, not the number the person gave them. They found that they were receiving around 30 bogus calls a week. There was another study where a false record of a celebrity (Bill Clinton) was added to record data to see how many staff would look, and dozens checked. The bottom line is that where there is money to be made from data people will get access.
30
Your data may be wrong. There is a story of a woman called Helen Wilkinson who was an NHS manager. Her records said that she was an alcoholic. She tried to get her records changed but couldn’t, and eventually her case reached debate in the House of Commons. Even then, following the debate, it took her another two years to get the records changed. She went on to found The Big Opt Out. There are difficulties with large losses of data. One problem of electronic databases is the amount of data lost – the number of people involved. It is very difficult to make systems secure and to allow people to have access to one thing and not to others. The hidden information may be implied, for example, the drugs which are prescribed may make it very clear what you are being treated for. The specification for how many of these problems are to be overcome is complex – so much so that it is not enough to have a normal review process whereby people read through the spec. The proposed system and its security specification needs to be analysed mathematically. Anonymising data is not a one-step process. There is a need to correlate the data in order to answer research questions, and with multiple queries run on a subset of data it would be possible to identify an individual once the database exists. Ross Anderson at the University of Cambridge wrote extensively on this type of problem – the difficulty of keeping anonymised data useful. So, who trusts government departments to deliver this system securely? • • • •
Half of doctors won’t upload their data and 1/5 say that they intend to opt-out all their patients. Not politicians, they have stated they will opt out, and not celebrities. Not me. That leaves you. Shouldn’t you be more concerned about your privacy?
Questions Marlene Winfield
People can hide the medical data on their drugs. The clinician should discuss with their patient what needs to be hidden to make their records secure. We have actually found that there is about a 50% opt-out rate on the online forum, but these tend to be a small, self-selecting sample.
Martyn Thomas
Those who use online forums tend to be technologically informed people who are interested in healthcare, such as doctors. There was a more extensive survey on nhs.it.info.
Marlene Winfield
Doctors are worried about security but they are also concerned about sharing their power. There are many different options here.
Martyn Thomas
I agree, but we need to discuss the balance of benefit before this is rolled out. This could be done in a better, more engineering based way of building systems.
Workshop participant I feel no differently about my desire to use these records if 10 bn has already gone into this system. Can we stay with this system and address the issues you’ve raised or do we need to take a chance on it
31
for the general good? Martyn Thomas
In my experience a one size fits all approach is always a serious error. There are lots of reasons to want electronic patient records available, and maybe they should be addressed separately. There has not yet been a robust cost / benefit analysis carried out for many of the issues here – for example, the GP feels his patients shouldn’t have access to their records.
Workshop participant Can this system be fixed? Martyn Thomas
The current NHS network is a private network, but the moment that you give access to patients over the internet you open it up and cause security problems.
Workshop participant But under the old system things got lost, many of the notes were never there. The new one is an improvement. Martyn Thomas
The thing with the old system is that it was difficult to loose 94,000,000 records at once. This problem is caused by aggregating the data. So if you loose many records does it really matter? Once privacy is lost you cannot retrieve it, and I don’t think we’ve undertaken the analysis to be able to reduce that risk.
Marlene Winfield
You can’t download multiple records from the NHS database.
Workshop participant Is it the size of the database that’s the problem? Martyn Thomas
It seems to me that the bulk of the benefit is from the transfer of data between clinicians and the national record. This could be handled without increasing the vulnerability much at all.
Martyn Thomas
Two suppliers have already left and the systems are having significant problems. I don’t believe that Connecting 4 Health have got to where they planned to be today, but I believe that they could have done. The issues are complex and the systems are already running.
A Medical Researcher’s View Professor Simon Wessely MD FMedSci I have been a medical researcher for the past 20 years, and would like to speak about this issue from the point of view of someone doing medical research. 20 years ago I went to stay with a famous American Professor of Psychiatry. It was at the start of glasnost and it was commonly believed in the USA that Russians were using the information on their psychiatric systems to lock up dissidents. The professor had asked to see the records of 2000 people who he believed may be detained in Russia, and after some searching he received 70% of the records he requested. He concluded that the other 30% must be falsely imprisoned. I was unable to tell him that where I worked, at the Maudsley, I would only ever find 70% of the records I searched for, and that
32
was not because we falsely imprisoned people. The point is that there has never been a time when records have been sacrosanct. So if you are looking for medical notes under the current system where would you go? • • •
To medical records, where they have racks of paper records on shelves, and anyone could walk in To colleagues, who usually have piles of notes on their desks The point is that people could steal records if they wanted to
Clearly confidentiality is essential. It is a legal relationship whereby patients are able to tell their doctors intimate things, but patients do not tell their doctors everything. There are some things you do not want your doctor to know. Doctors sometimes breech confidentiality – sometimes they must. After you see a doctor a lot of people will know about your visit. If you break your leg and go to A&E at least 60 people will see your medical notes – doctors, nurses, people who take x-rays, pharmacists, people who write reports – they need to see your notes in order to do their jobs, and this is normal. There are advantages to the new system. For example, you can correct your notes. I used to work at Broadmoor, and the nurses there always sold stories to the tabloids. There was an agreement that the papers give a flat fee of £50 for stories, and it was common practice. At the Maudsley some people who use the services are well-known, and the greatest risk to security is known to come from people who are inside the system. They have publicly fired people, making high-profile examples of those who have breached confidentiality. With the new system those people now leave electronic traces on the records, and they can be found out. So how do we do research in the new environment? Well, the default position is consent. For most research you need to have consent to use a patient’s data. If you don’t have consent it is considered assault, and that is what it would be called in legal terms. Around 70% of research is carried out under consent. The rest of the studies proceed by anonymisation. For example, to pick up a problem with a drug using electronic records you only need to know the name of the drug and the effect you are looking for. For example, a particular drug – an antidepressant – led to an increased likelihood of people breaking their hips. So, to find out if this relationship exists you type in the name of the drug, the effect you are looking for, and see how many records come back. This approach is safer, quicker and more accurate than previous methods of research. The bigger sample size leads directly to improved care. In the NHS we often employ semi-anonymisation, where you could work out who the person is, but you would have to work hard to do it. Research is carried out under the principle of consent or anonymised. Under the current system you have no control over the use of your anonymised data, but I don’t believe that anonymised data counts as your data. Under some circumstances it is not possible or not desirable to obtain consent, and sometimes the research work can only be done that way. For example: There was a story in the press that if you had an abortion you were more likely to get breast cancer. Most people who have had abortions are unlikely to give consent or be willing to discuss it. These most likely to give consent would be those who had cancer. This would introduce bias into the results, and the research would be meaningless. So, in this case it is not
33
possible to get consent. But there are registers for diseases such as cancers, and anyone who had breast cancer would be entered on the register. The data for the research could be taken directly from the register without consent, and it would only be possible to do the research in this way because if you went for consent the result would be wrong. I took part in a study where we looked at the health of veterans of the Gulf War. We needed to find veterans and wanted to take their blood and examine their immune systems. To do this you need consent. You would think that of all the groups in the country the easiest to find would be those in the army – but no. Soldiers tend to move around. When they leave the army they go onto the reserve liability, so that if there is another war they can be called up to fight. The top name given on the reserve list was ‘Mickey Mouse’, and 60% of the addresses on the reserve list proved to be false. Those who had left the army did not want to be traced so they could be called up to fight. So, we needed to find them but they are young men, and tend not to have GPs and to move around a lot. If they hear that someone is looking for them they tend to think it is child support and move. It took £2mn to find 2/3 of the veterans. In another study we were looking at the effects of depleted uranium and whether it causes cancer. People serving in the forces in Yugoslavia were exposed to depleted uranium and the research team needed to know if the veterans list matched the cancer registry. We could get consent, but we know that those who have cancer will be the easiest to trace, which will introduce bias, and that it costs £2 million to trace 2/3 of the veterans. With this in mind we decided to do the study without consent. This is not a straight forward process. • •
• •
Firstly, we needed to go to the MRC for a research grant. This process takes around one year. Then we needed ethical approval for the study. This needs to be given by each institution involved, so the ethics committee for the Maudsley is separate to the ethics committee at the Ministry of Defence. Then R&D approval needs to be given for every region where the soldiers are living. Once this approval has been granted another Department of Health committee needs to be consulted on the breech of confidentiality.
We are also – unable to upset anyone, bound by confidentiality outside the study, obliged to show that the research is in the public interest, obliged to show that the research cannot be done any other way. In England we couldn’t do the research, but in Scotland, under a different committee we could. We found no correlation between the serving in Yugoslavia and cancer, but only in Scotland. So: it is already the case that people know your medical history. You probably don’t know about all the people who look at your medical notes to check up on GPs. This already happens. For research the issue is very complicated. The NHS was established to both for care and for research. I believe it is a two way contract and that if you benefit from the NHS then you should participate in research. As far as patients are concerned, confidential data can be used, and I don’t think you should be concerned. Questions Workshop participant When people go on registers such as the cancer register should they give consent? Should they be
34
asked? I feel it would help people to know that their data is being used for research, it would let them feel that they are doing good. Simon Wessely
The GMC guidelines are that people should be informed, but we know that when you have a consent system it tends to bias the data. It is generally the disadvantaged that don’t give consent, and these tend to be the people most at risk of disease. This well-documented and is known as the inverse care law. Most research and most care is focused on the people who need it least. So yes, people should be told, but it is an ‘opt out’ presumed consent system. Most people won’t take part, but far fewer will actively refuse. It is unrealistic to move to a complete consent or anonymise culture. Connecting 4 Health will not remove the current systems completely. But – you can now do lots of studies without ever dealing with confidentiality. For example, drug safety – with the new electronic records the thalidomide tragedy would never have happened. Currently drugs are tested in randomised controlled trials on 3-4,000 people. This will spot common side effects, but using the electronic data in research makes it possible to spot serious rare side effects.
Lesley Patterson (RAEng)If you have access to this data how powerful is it going to be? Simon Wessely
It has the potential to transform medical care – spotting patterns, sending reminders, giving guidelines to GPs – for example if they have entered those symptoms have they considered… Epidemiology is the big use, and this is commonplace in Nordic countries. Not in Iceland though, where they began to include genetic information on the database, leading to a public backlash. This data was also made available commercially. The public are very suspicious of industry and that was a move beyond altruism. The people were not happy with the move. The NHS do sell some data – they sell their prescribing data, and I feel that I don’t like that. I object to industry using my data.
Marlene Winfield
If they will pay the NHS for data there should be public debate on the subject.
Public Data and Security Gus Hosein Well, unlike the other speakers I’m not an expert on the NHS. The NHS is about welfare, and is more controversial to speak about healthcare than it is to speak about ID and security. Who here has a supermarket loyalty card? Most people allow supermarkets to collect data about them. There is a notion that if you will give away your personal information for loyalty points then you cannot care about your privacy. Who here uses social networking sites? Who uses Facebook? I’m particularly concerned with Facebook. There is a notion that if you are willing to give information away you don’t care. There is a reason that on Facebook when you add an application they always
35
ask for your consent. The reason is that they screwed up badly last year with a file. They said that if you didn’t want things you could opt out, but now after consultation they have changed all the options to opt in. But you must know that Facebook doesn’t make its money from social networking – it makes it from targeted ads on their site. But what if Facebook gave your information to the government? What if they helped the government trace who your friends are? Would you feel violated? What if they sold to advertising? What if they sold to researchers who would analyse the data to search for paedophiles on the internet? I did some work with the UN, who approached me to look at their work in refugee camps and how information was collected. There is a database of refugees held by the UN which includes their medical records and data on whether they had been raped when they were examined. This is sensitive data, it shows, for example, whether their kids are their own. The genetic data is on the file. This information allows the UN to identify fraud in the refugee camps – they often have problems with people claiming for more children than they have to get more food and the UN need to distribute supplies fairly. The records let them sort out food and doctors, but there are problems with this database. The data often goes missing. Militant factions come into the camps and steal the computers. Some countries, such as the US, insist on seeing the data before people are given asylum, allowing them to choose, on the basis of sensitive, personal data, who they will have. Major decisions are made on the basis of this insecure data. The database could easily form a list of people to kill if it fell into the wrong hands – and it often does, but the UN will not ask for consent for inclusion on the database. They say it would be too difficult to explain the issues around consent to the refugees. In many ways what they are saying is that the refugees are too stupid to understand, and this means that the workers start to see these people as just sources of data. They are just numbers, which are shared and decisions made for their own good. Currently Microsoft and Google are both competing to get involved in supplying systems to deal with medical records. Microsoft know that they are hated and mistrusted, and it is remarkable to see how they are designing their systems carefully to ensure security and consent. The information that goes out to third parties has strict rules on how that information is used and stored. Why are we being so conservative? Do we think that people are too stupid to make decisions? Questions Martyn Thomas
The issue is that once the data is in someone else’s hand you’ve lost control of it. They can change their mind about how they use it. Governments can step in and take the data.
Gus Hosein
This is why I was impressed with Microsoft. I would like to point out that it was just nice to see their approach. I’m not here to advertise Microsoft. This is also why I used the Facebook example. I agree about the governments. Informed consent is a big issue, but it needs to be done without presuming everyone’s an idiot.
Martyn Thomas
Should it just be down to the person who wants your data? Other issues may come out.
36
Workshop participant Scandinavia is an interesting example – they have a transparency law. Workshop participant From the Microsoft example – how often is information actually dropped if you opt out? Gus Hosein
That’s interesting. They often don’t shut down accounts. Many online companies don’t. E-bay changed their model and now when you delete an account they only keep the information as required by law. Facebook took a lot of persuading to delete accounts.
Workshop participant It seems there are some interesting issues about how consent is obtained.
37