Update from the ICO
"The ICO has data protection compliance concerns about SystmOne's enhanced data sharing function and the potential risk to patients' medical records held by GPs. However, given the possible impact to patient care, the ICO is not advocating that users switch off data sharing at this stage. The ICO's concerns are centred on the fair and lawful processing of patient data on the system and ensuring adequate security of the patient data on the system. We continue to work closely with TPP, NHS Digital and NHS England and have seen an initial plan that they have put forward. This includes initial steps they are taking to remedy these issues and further work is planned."
Since the article over the weekend, our CSU trainers have been contacted by a number of practices seeking clarification on the issue and asking whether they should 'turn off' sharing. Whilst the ICO have raised concerns about the way S1 shares data, they fully acknowledged that to simply turn it off would constitute a significant and unwarranted clinical risk. They are instead seeking to work with TPP to ensure compliance, as they see it, with the relevant data protection laws. The issue is that the law doesn't accurately reflect the way in which TPP can share data and is therefore open to interpretation. Nor does the law reflect the way in which SCR or GP2GP shares data. Until this is tested legally there is no definitive way to know whether e-DSM is compliant or not. What we do know is that the clinical risk of turning off sharing is significant.
This viewpoint is fully supported by the S1 National User Group. We are working with both TPP and NHS Digital to get further clarification. I've also been involved with a number of workshops nationally around requirements for data sharing between systems that will also address the issues raised. The issue is not helped by a general lack of understanding about the checks and balances built into the system.
Additionally, 'turning off' sharing creates its own additional risks and issues. A practice could change its default settings to express dissent to share in and out. Most, if not all, practices currently have their practice default settings set to consent to share in, and consent to share out is left unset. This means that data shared by the patient and recorded elsewhere will appear in the New Journal. However, as sharing out is left unset, the system will default to an implied dissent to share GP data to any other service. Therefore records unset to share out are not shared with anyone else.
There is a very important exception to this, though: in acute settings, OOH, 111 and A&E, if the patient consents to let those services see their GP record, it will be visible to that service for the duration of that episode of care.
Changing the default setting will have the following effects.
- It will only apply to records as and when they are first opened after the change.
- It will overwrite all previous preferences, including where express consent to share has been given by the patient. This could cause a significant clinical risk to the patient.
- It will change all implied dissents to share (unset) to express dissent to share. That means the records will be blocked to all other S1 services, including all urgent care units, irrespective of the patient's wishes.
- Once a setting is applied to a record, it is not possible to revert it back to an implied state. The record can only be subsequently changed to express consent to share or express dissent to share.
Defaulting the practice settings to explicit dissent to share in will have the same effects as above, plus:
- All other S1 units' information will be blocked from the practice. This will include hospice, DN, HV, OOH etc.
In summary, whilst there are clearly concerns around e-DSM, this needs to be contrasted with the implications for direct patient care. Ultimately it is of course a practice decision as to how to proceed in the short and long term, but the advice the trainers are giving is consistent with the latest ICO statement, in that practices should not stop sharing. As soon as further clarification has been received from TPP/ICO/NHS Digital or NHS England, we will of course update.