NO2ID

INFORMATION MANAGEMENT AND TECHNOLOGY

121 AGENDA COMMITTEE: That conference, with regard to systems allowing access to a patient’s GP held electronic
medical record demands that GPC:
(i) ensure the role of the GP as being the responsible data controller is recognised
(ii) establish rules as to the level of access available to third party individuals and the appropriate training required
to enable this
(iii) ensure that data added by a third party is auditable and can be corrected with no liability on the GP for such
inaccuracies and
(iv) ensure patient participation is by opt in and their consent for viewing their record is enshrined.

121a HULL AND EAST YORKSHIRE: That conference believes that if the NHS has decided that a shared clinical record is
needed for patient care:
(i) the role of GP as being responsible data controller should be formally recognised and appropriately funded
(ii) no one in a clinical role should be able to add to that record unless they do so within standards set by the
patient’s data controller
(iii) the data controller must be able to over-ride inaccurate data entries by others.

121b SUFFOLK: That conference, in the light of the development of systems allowing secondary care and other provider
organisations to view a specific patient’s entire electronic medical record held by the GP, calls upon the GPC to:
(i) negotiate to establish the ground rules concerning adequate patient consent and potential liability arising from
use of the facility
(ii) negotiate to establish ground rules relating to the required grade of person who may view this record and the
training in interpretation of GP systems’ information that will be required
(iii) attempt to ensure that any facility which becomes available enabling third-party alteration of GP-held records is
required to have a clear audit trail and that the altered entry is clearly differentiable from native entries
(iv) seek to limit the liability of the GP where decisions are taken on the basis of records which have not been
updated and thus do not represent exact contemporaneous fact
(v) includes in any negotiation the requirement that the Department of Health ensures that the public is fully
informed of this initiative before it is brought into operation.

121c HARINGEY: That conference demands that any computerised data sharing puts the patient at the centre and so
requires patient permission to opt in than an automatic opt in.

121d BEDFORDSHIRE: That conference believes that the Summary Care Record project is not fit for purpose in its current
form and calls on the GPC to:
(i) work with the government to find alternative IT solutions for supporting patient care using existing systems
(ii) resist any attempts to allow access to a patient’s personal health information by anyone who does not have any
legitimate interest in the patient’s care.

121e CUMBRIA: That conference believes that in these days of increasing potential to share information:
(i) the driving principle should be benefit to patients
(ii) rigorous controls need to be in place to protect patient confidentiality
(iii) robust governance and monitoring systems need to be in place in every organisation to ensure access to patient
data is on a ‘need to know’ basis in connection with treatment
(iv) the creeping increase in administrative access to patient data for ‘management’ purposes should be challenged,
and
(v) the sensitivity of certain categories of information, such as sexual health issues requires special consideration.