Electronic Health Records and Privacy Interests: The English Experience

Wicks, Elizabeth

doi:10.1007/978-3-642-22474-4_3

Elizabeth Wicks⁴

2311 Accesses
2 Citations
2 Altmetric

Abstract

This chapter considers an individual’s privacy interests in the context of electronic health records, focusing particularly upon the introduction of the Summary Care Record in England. It begins by considering the meaning of privacy in the healthcare context today, given the advances of new technologies. It then proceeds to discuss the specific issues of consent, confidentiality, data protection and security in the context of electronic health records. It argues that electronic health records pose significant new risks for the privacy and security of personal health information. Mere compliance with the confidence and data protection laws will not suffice to protect the government from a legal finding of a violation of an individual’s right to respect for private life unless all reasonable steps have been taken to avoid the risk of unauthorised access, whether by healthcare workers or others.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Softcover Book: USD 169.99; Price excludes VAT (USA)

Hardcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
See www.connectingforhealth.nhs.uk/systemsandservices/scr for details of this scheme.
2.
GMC Guidance: Confidentiality (2009).
3.
[2004] 2 All ER 995, at para. 145.
4.
Article 8(1): “Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.”
5.
(1997) 25 EHRR 371, para.95.
6.
Greenhalgh et al. (2010). This report is referred to extensively in the remainder of this chapter.
7.
Greenhalgh, Stramer et al. (2008), p. 1786.
8.
Sheikh (2010), at 6.
9.
Greenhalgh, Stramer et al., n. 6, p. 15.
10.
Bainbridge (2008), pp. 635–636.
11.
Greenhalgh, Stramer et al., n. 6, p. 25.
12.
Ibid, p. 27.
13.
The White Paper, and consultations upon it, is available at www.dh.gov.uk/en/Healthcare/LiberatingtheNHS/index.htm.
14.
Greenhalgh, Stramer et al., n. 6, pp. 27–28.
15.
NHS Connecting for Health (2011), ‘Your Health Information, Confidentiality and the NHS Care Records Service’ (available at www.nhscarerecords.nhs.uk/publications), p. 2.
16.
Walport (2010), p. 3022.
17.
DesRoches et al. (2010), p. 639.
18.
See also Greenhalgh, Stramer et al., n. 6.
19.
Greenhalgh et al. (2008), p. 1290.
20.
Ibid.
21.
Ibid.
22.
Ibid.
23.
Ibid.
24.
Ibid.
25.
Ibid.
26.
Greenhalgh, Stramer et al., n. 6.
27.
Ibid, p. 142.
28.
See ibid p. 149. Greenhalgh, Stramer et al. also report that some general practitioners are unable to create the initial Summary Care Record as their systems are not Summary Card Record-compliant, but once level 2 content is introduced, patients may have their Summary Care Record created by someone other than their general practitioner, which will complicate the provision of consent for the Summary Care Record still further.
29.
Ibid, p. 154–155. While the NHS website does promise that “the decision will ultimately be made by your child’s GP and there may be specific circumstances where the GP feels that the best interests of your child may justify the creation of an SCR”, this assumes that the GP will have full knowledge about the risks facing the child. In situations where the risk is unknown, the parents will still retain discretion to restrict the sharing of information. (See http://www.nhsrecords.nhs.uki/faqs )
30.
Greenhalgh, Stramer et al., n. 6, p. 102.
31.
Ibid.
32.
See Beauchamp and Childress (2009), p. 302.
33.
Coco v A N Clark [1969] RPC 41.
34.
The English courts have taken a more relaxed approach to the obligation of confidence requirement since the Human Rights Act 1998 introduced a right to respect for private life into domestic law. The gap left by the absence of an explicit right to privacy outside of the Human Rights Act has been filled by a liberal use of the duty of confidence which focuses on the nature of the information, rather than the nature of the relationship in which it was disclosed. See for example Venebles v News Group Newspapers [2001] 1 All ER 908 where the President of the Family Division confirmed that a duty of confidence may arise independently of any relationship between the parties (at p. 933).
35.
It is worth noting that, even if information loses its confidential nature, it may still be regarded as private information protected by a right to respect for private life and so there may remain limitations on its use.
36.
Siegler (1982), p. 1518 (reproduced in Vaughn L (2010), Bioethics: Principles, Issues and Cases, at p. 135).
37.
[1990] 1 All ER 833.
38.
Generally see Bainbridge, n. 10, Part 5.
39.
Data Protection Act 1998, Schedule 3, Part I.
40.
Data Protection Act 1998, Schedule 3, Part 8.
41.
See Schartum (2010), p. 20.
42.
Schartum, ibid, at p. 3.
43.
http://www.cullen-international.com/cullen/multi/doc/dataprot/dataprop.pdf.
44.
Greenhalgh, Stramer et al., n. 6, p. 18.
45.
Schartum, n. 41, p. 25.
46.
Ibid, p. 18.
47.
See n. 5.
48.
(1999) 28 EHRR 313.
49.
Applic. No. 20511/03; Judgment of 17 July 2008.
50.
Ibid, para. 38.
51.
Ibid.
52.
Ibid, para. 47.
53.
Greenhalgh, Stramer et al., n. 6, p. 139.
54.
Ibid, p. 208.
55.
Ibid.
56.
Ibid. They also discovered that front line staff perceived the insoluble tension between sharing data and protecting privacy as being either unrecognised or glossed over by Connecting for Health. (p. 145.)
57.
See, Greenhalgh, Stramer et al., ibid, p. 145.
58.
These alternative methods are explained by Greenhalgh, Stramer, ibid, p. 145.
59.
Big Brother Watch (2010) ‘Broken Records’ available at http://www.bigbrotherwatch.org.uk/brokenrecords.pdf.
60.
Ibid.
61.
Savage (2009).
62.
See http://news.bbc.co.uk/1/hi/8707355.stm for details.
63.
http://www.consilium.europa.eu/uedocs/cms_Data/docs/pressdata/en/lsa/114992.pdf

References

Bainbridge DI (2008) Introduction to information technology law, 6th edn. Pearson, Harlow
Google Scholar
Beauchamp TL, Childress JF (2009) Principles of biomedical ethics, 6th edn. Oxford University Press, Oxford
Google Scholar
Big Brother Watch (2010) ‘Broken Records’. www.bigbrotherwatch.org.uk/brokenrecords.pdf. Accessed 18 Mar 2011
DesRoches CM, Campbell EG et al (2010) Electronic health records’ limited successes suggest more targeted uses. Health Affairs 29:639
Article Google Scholar
Greenhalgh T, Stramer K et al (2008a) Introduction of shared electronic records: multi-site case study using diffusion of innovation theory. BMJ 337:1786
Article Google Scholar
Greenhalgh T, Wood GW et al (2008b) ‘Patients’ attitudes to the summary care record and healthspace: qualitative study. BMJ 336:1290
Article Google Scholar
Greenhalgh T, Stramer K, Bratan T, Byrne E, Russell J, Hinder S, Potts H (2010) The devil’s in the detail: final report of the independent evaluation of the summary care record and healthspace programmes. University College London, London
Google Scholar
NHS Connecting for Health, ‘Your Health Information, Confidentiality and the NHS Care Records Service’. www.nhscarerecords.nhs.uk/publications. Accessed 18 Mar 2011
Savage M NHS ‘loses’ thousands of medical records The Independent, 25 May 2009
Google Scholar
Schartum DW (2010) Designing and formulating data protection laws’. Int J Law Info Tech 18(1):1–27
Article Google Scholar
Sheikh AA (2010) Confidentiality and privacy of patient information and records: a need for vigilance in accessing, storing and discussing patient information. Medico-Legal Journal of Ireland 2 16(1):2–6
Google Scholar
Siegler M (1982) Confidentiality in medicine: a decrepit concept. New Eng J Med 307:1518 (reproduced in Vaughn L (2010) Bioethics: principles, issues and cases (Oxford University Press, Oxford)
Article Google Scholar
Walport M (2010) Do summary care records have the potential to do more harm than good? BMJ 340:302
Article Google Scholar

Download references

Author information

Authors and Affiliations

School of Law, University of Leicester, University Road, Leicester, LE1 7RH, UK
Elizabeth Wicks

Authors

Elizabeth Wicks
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Elizabeth Wicks .

Editor information

Editors and Affiliations

, School of Science and Technology, Middlesex University, The Burroughs, London, NW4 4BT, United Kingdom
Carlisle George
The Castlegate Consultancy, 27, Castlegate, Malton, North Yorkshire, YO17 7DP, United Kingdom
Diane Whitehouse
, School of Science and Technology, Middlesex University, The Burroughs, London, NW4 4BT, United Kingdom
Penny Duquenoy

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Wicks, E. (2013). Electronic Health Records and Privacy Interests: The English Experience. In: George, C., Whitehouse, D., Duquenoy, P. (eds) eHealth: Legal, Ethical and Governance Challenges. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22474-4_3

Download citation

DOI: https://doi.org/10.1007/978-3-642-22474-4_3
Published: 16 April 2012
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22473-7
Online ISBN: 978-3-642-22474-4
eBook Packages: Humanities, Social Sciences and LawLaw and Criminology (R0)

Publish with us

Policies and ethics