Search tips
Search criteria 


Logo of brjgenpracRCGP homepageJ R Coll Gen Pract at PubMed CentralBJGP at RCGPBJGP at RCGP
Br J Gen Pract. 2008 April 1; 58(549): 279–280.
PMCID: PMC2277117

Connecting for Health

Ross Anderson, Professor of Security Engineering

In an editorial in your March issue,1 senior officials from the Department of Health claimed of the Summary Care Record (SCR) that ‘It is a health record and there will be no access for police, immigration authorities, or others.’

This credulous view was undermined when Computer Weekly noted that the health minister Ben Bradshaw had already told parliament last year that the police have access given a court order, or where there is statutory authority, or where there is an overriding public interest.2 As I had pointed out in my February editorial to which the Department was responding,3 the police have always been able to get a court order to seize material that is actual evidence of a crime. For the Department to affect ignorance of this was perplexing.

In practice, medical confidentiality depends on who controls access as much as on the letter of the law. For example, one of the family planning charities was asked by the police to supply the names of all their under-16 patients; they refused, and the police sensibly did not press the matter.4 Had they gone to court, there could have been an interesting test of whether UK law on medical privacy complies with the European Convention on Human Rights (a 2006 study for the Information Commissioner concluded that it doesn't).5 However, in future the police will have a less troublesome option: they will be able to ask BT, the custodian of the secondary uses service (SUS). A BT manager may well be less combative than a practising gynaecologist who sees her patient relationships, professional integrity, self-esteem, and business viability all directly under threat from a police fishing trip.

Michael Thick and his colleagues also had a letter in your March issue that made an intemperate personal attack on me for encouraging patients to opt out of the SCR,6 while their editorial boasted of the fact that patients can opt out of the SCR. This bluster — that we can opt out of the SCR if we want to, though it's irresponsible to suggest that anyone actually do so — was echoed in parliament. When Mr Bradshaw was asked whether patients would be able to opt out of the care records service, he answered it by referring solely to the SCR.7 Ministers and officials have been careful to focus on the safeguards for SCR, and avoid discussing SUS. Yet the new centralised system has at least three components holding large amounts of identifiable health information — SUS, the SCR, and the Detailed Care Record (DCR). The first two are already beyond clinical control, and the third is heading that way as more and more records from both primary and secondary care migrate from local to hosted systems. As I noted in February, many government departments have declared intentions to use identifiable health data, such as the Home Office's ONSET database that tries to predict which children will offend. And, despite the Department's comments, GP data have already been used to hunt illegal migrants.

I repeat my call for GPs to make leaflets from The Big Opt Out8 available in waiting rooms. This will reassure patients that they will not suffer discrimination (in the practice at least) if they exercise their advertised right to opt out. Finally, I would like to invite all GP partners to think very carefully about whether it's wise to accept the Department's kind offer to move your practice records to a hosted system. Once you lose control, you will have a hard time getting it back.


1. Davies M, Eccles S, Braunold G, et al. Giving control to patients. Br J Gen Pract. 2008;58(548):148–149. [PMC free article] [PubMed]
2. Bradshaw B, written answer to Wright J, Hansard Dec 10 2007; cited in Collins T, ‘Police to be allowed searches of national database of NHS patient records’. Computer Weekly, Feb 28 2008.
3. Anderson R. Patient confidentiality and central databases. Br J Gen Pract. 2008;58(547):75–76. [PMC free article] [PubMed]
4. Foundation for Information Policy Research. Consultation response on The Data Sharing Review. (accessed 13 Mar 2008)
5. Anderson R, Brown I, Clayton C, et al. Children's Databases — Safety and Privacy. Wilmslow: Information Commissioner's Office; 2006.
6. Thick M, Eccles S, Braunold G, et al. Connecting for Health. Br J Gen Pract. 2008;58(548):204–205. [PMC free article] [PubMed]
7. Bradshaw B, written answer to Letwin O. Hansard, Feb 27 2008.
8. (accessed 13 Mar 2008)

Articles from The British Journal of General Practice are provided here courtesy of Royal College of General Practitioners