Abstract
This chapter considers an individual’s privacy interests in the context of electronic health records, focusing particularly upon the introduction of the Summary Care Record in England. It begins by considering the meaning of privacy in the healthcare context today, given the advances of new technologies. It then proceeds to discuss the specific issues of consent, confidentiality, data protection and security in the context of electronic health records. It argues that electronic health records pose significant new risks for the privacy and security of personal health information. Mere compliance with the confidence and data protection laws will not suffice to protect the government from a legal finding of a violation of an individual’s right to respect for private life unless all reasonable steps have been taken to avoid the risk of unauthorised access, whether by healthcare workers or others.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in via an institution.
Notes
- 1.
See www.connectingforhealth.nhs.uk/systemsandservices/scr for details of this scheme.
- 2.
GMC Guidance: Confidentiality (2009).
- 3.
[2004] 2 All ER 995, at para. 145.
- 4.
Article 8(1): “Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
- 5.
(1997) 25 EHRR 371, para.95.
- 6.
Greenhalgh et al. (2010). This report is referred to extensively in the remainder of this chapter.
- 7.
Greenhalgh, Stramer et al. (2008), p. 1786.
- 8.
Sheikh (2010), at 6.
- 9.
Greenhalgh, Stramer et al., n. 6, p. 15.
- 10.
Bainbridge (2008), pp. 635–636.
- 11.
Greenhalgh, Stramer et al., n. 6, p. 25.
- 12.
Ibid, p. 27.
- 13.
The White Paper, and consultations upon it, is available at www.dh.gov.uk/en/Healthcare/LiberatingtheNHS/index.htm.
- 14.
Greenhalgh, Stramer et al., n. 6, pp. 27–28.
- 15.
NHS Connecting for Health (2011), ‘Your Health Information, Confidentiality and the NHS Care Records Service’ (available at www.nhscarerecords.nhs.uk/publications), p. 2.
- 16.
Walport (2010), p. 3022.
- 17.
DesRoches et al. (2010), p. 639.
- 18.
See also Greenhalgh, Stramer et al., n. 6.
- 19.
Greenhalgh et al. (2008), p. 1290.
- 20.
Ibid.
- 21.
Ibid.
- 22.
Ibid.
- 23.
Ibid.
- 24.
Ibid.
- 25.
Ibid.
- 26.
Greenhalgh, Stramer et al., n. 6.
- 27.
Ibid, p. 142.
- 28.
See ibid p. 149. Greenhalgh, Stramer et al. also report that some general practitioners are unable to create the initial Summary Care Record as their systems are not Summary Card Record-compliant, but once level 2 content is introduced, patients may have their Summary Care Record created by someone other than their general practitioner, which will complicate the provision of consent for the Summary Care Record still further.
- 29.
Ibid, p. 154–155. While the NHS website does promise that “the decision will ultimately be made by your child’s GP and there may be specific circumstances where the GP feels that the best interests of your child may justify the creation of an SCR”, this assumes that the GP will have full knowledge about the risks facing the child. In situations where the risk is unknown, the parents will still retain discretion to restrict the sharing of information. (See http://www.nhsrecords.nhs.uki/faqs )
- 30.
Greenhalgh, Stramer et al., n. 6, p. 102.
- 31.
Ibid.
- 32.
See Beauchamp and Childress (2009), p. 302.
- 33.
Coco v A N Clark [1969] RPC 41.
- 34.
The English courts have taken a more relaxed approach to the obligation of confidence requirement since the Human Rights Act 1998 introduced a right to respect for private life into domestic law. The gap left by the absence of an explicit right to privacy outside of the Human Rights Act has been filled by a liberal use of the duty of confidence which focuses on the nature of the information, rather than the nature of the relationship in which it was disclosed. See for example Venebles v News Group Newspapers [2001] 1 All ER 908 where the President of the Family Division confirmed that a duty of confidence may arise independently of any relationship between the parties (at p. 933).
- 35.
It is worth noting that, even if information loses its confidential nature, it may still be regarded as private information protected by a right to respect for private life and so there may remain limitations on its use.
- 36.
Siegler (1982), p. 1518 (reproduced in Vaughn L (2010), Bioethics: Principles, Issues and Cases, at p. 135).
- 37.
[1990] 1 All ER 833.
- 38.
Generally see Bainbridge, n. 10, Part 5.
- 39.
Data Protection Act 1998, Schedule 3, Part I.
- 40.
Data Protection Act 1998, Schedule 3, Part 8.
- 41.
See Schartum (2010), p. 20.
- 42.
Schartum, ibid, at p. 3.
- 43.
- 44.
Greenhalgh, Stramer et al., n. 6, p. 18.
- 45.
Schartum, n. 41, p. 25.
- 46.
Ibid, p. 18.
- 47.
See n. 5.
- 48.
(1999) 28 EHRR 313.
- 49.
Applic. No. 20511/03; Judgment of 17 July 2008.
- 50.
Ibid, para. 38.
- 51.
Ibid.
- 52.
Ibid, para. 47.
- 53.
Greenhalgh, Stramer et al., n. 6, p. 139.
- 54.
Ibid, p. 208.
- 55.
Ibid.
- 56.
Ibid. They also discovered that front line staff perceived the insoluble tension between sharing data and protecting privacy as being either unrecognised or glossed over by Connecting for Health. (p. 145.)
- 57.
See, Greenhalgh, Stramer et al., ibid, p. 145.
- 58.
These alternative methods are explained by Greenhalgh, Stramer, ibid, p. 145.
- 59.
Big Brother Watch (2010) ‘Broken Records’ available at http://www.bigbrotherwatch.org.uk/brokenrecords.pdf.
- 60.
Ibid.
- 61.
Savage (2009).
- 62.
See http://news.bbc.co.uk/1/hi/8707355.stm for details.
- 63.
References
Bainbridge DI (2008) Introduction to information technology law, 6th edn. Pearson, Harlow
Beauchamp TL, Childress JF (2009) Principles of biomedical ethics, 6th edn. Oxford University Press, Oxford
Big Brother Watch (2010) ‘Broken Records’. www.bigbrotherwatch.org.uk/brokenrecords.pdf. Accessed 18 Mar 2011
DesRoches CM, Campbell EG et al (2010) Electronic health records’ limited successes suggest more targeted uses. Health Affairs 29:639
Greenhalgh T, Stramer K et al (2008a) Introduction of shared electronic records: multi-site case study using diffusion of innovation theory. BMJ 337:1786
Greenhalgh T, Wood GW et al (2008b) ‘Patients’ attitudes to the summary care record and healthspace: qualitative study. BMJ 336:1290
Greenhalgh T, Stramer K, Bratan T, Byrne E, Russell J, Hinder S, Potts H (2010) The devil’s in the detail: final report of the independent evaluation of the summary care record and healthspace programmes. University College London, London
NHS Connecting for Health, ‘Your Health Information, Confidentiality and the NHS Care Records Service’. www.nhscarerecords.nhs.uk/publications. Accessed 18 Mar 2011
Savage M NHS ‘loses’ thousands of medical records The Independent, 25 May 2009
Schartum DW (2010) Designing and formulating data protection laws’. Int J Law Info Tech 18(1):1–27
Sheikh AA (2010) Confidentiality and privacy of patient information and records: a need for vigilance in accessing, storing and discussing patient information. Medico-Legal Journal of Ireland 2 16(1):2–6
Siegler M (1982) Confidentiality in medicine: a decrepit concept. New Eng J Med 307:1518 (reproduced in Vaughn L (2010) Bioethics: principles, issues and cases (Oxford University Press, Oxford)
Walport M (2010) Do summary care records have the potential to do more harm than good? BMJ 340:302
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Wicks, E. (2013). Electronic Health Records and Privacy Interests: The English Experience. In: George, C., Whitehouse, D., Duquenoy, P. (eds) eHealth: Legal, Ethical and Governance Challenges. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22474-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-22474-4_3
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22473-7
Online ISBN: 978-3-642-22474-4
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)