Sidewinder asks: are we going to have a spineless NHS?

Would you hand over your medical records to Microsoft or Google? The Tories might. The papers aren’t keen. But Davey Winder thinks there might be something to say for the idea.
If recent newspaper reports are anything to go on, it would appear that the Conservative Party is considering the option of breaking the NHS Spine, ending the centralised NHS Care Records Service and - in effect - outsourcing patient records storage and access.
Perhaps understandably, there has been something of a media furore about this, not least because the right-leaning Centre for Policy Studies has put forward similar proposals in a report called It’s ours - Why we, not government, must own our data.
The report suggests that technology companies like Microsoft or Google might be best suited to the data storage and management task. Viewed through the prism of the media, this has been turned into talk of ‘the Tories breaking the back of the NHS and handing over medical records to big business interests.’
Big business is watching you
Well, is ‘big business’ necessarily a bad thing in terms of data security and confidentiality? The kneejerk reaction is usually to say yes, of course it is. Who knows what they will use that data for? Can we trust it to secure our medical histories?
A more considered answer would take into account the fact that these companies are already gaining experience of personal health record storage. Microsoft’s HealthVault is a case in point (available in beta in the US, it allows patients to compile their own medical histories, pulling in data from a number of medical systems and devices to do it).
Besides, the public sector in general and the NHS in particular come under fire for data security breaches on an all too regular basis. One survey revealed that a staggering two thirds of the population simply does not trust the government with personal data.
Then there is the small matter of money. The cost of the NHS Spine and associated projects is in the billions. With a recession-fuelled requirement to cut back on public spending, the notion of encouraging individual citizens to store their own medical and health records looks increasingly attractive.
The ‘do-it-yourself’ approach may also have some positive side effects; anything that encourages people to take proactive responsibility for their health should encourage healthier lifestyles.
Putting the individual in charge
Personally, I have something of a liking for the decentralisation of information. With my security consultant hat on, I understand the dangers implicit in hooking data up to the Internet.
Yet I also appreciate that it is quite possible to design the kind of technical architecture needed to “draw information and services from multiple sources and to enjoy choice in which providers we select” – as CPS report author Liam Maxwell so eloquently puts it.
By applying the same multi-source dynamics to the NHS, it should be possible to vendor-unlock service provision rather than tie patient record data down to a single commercial entity, as much of the media seems to be suggesting.
The mistake would be to focus on the commercial nature of these organisations. Access to data and control of that data are two very distinct things. Currently, the government provides both access and control; decentralisation could tip the balance back in favour of the individual. The fact that commercial partners are the vehicle for that process should have no effect whatsoever on the outcome.
Wait for the detail
Of course, the devil will be in the detail, and detail will be in short supply until the Tories reveal all when they publish a review of NHS IT that they commissioned last year.
We don't know exactly what measures would be implemented to replicate Caldicott guardianship. We do not know what would happen to e-prescriptions and the online patient appointment booking system, either.
Most importantly - and something that has been flagged up by more than one doctor I have spoken to - we don’t know how medical staff would know which patient health record provider dealt with any given patient. Or how they would access vital data if the patient was unconscious and couldn’t give their consent.
Maxwell, however, insists that both security and privacy will be enhanced by the decentralisation process as it “necessarily reduces the risk of a single, massive, data loss” and the requirement to have open data standards “will further bolster that security.”
We can’t jump the gun. We know the Tories want to replace the National Programme for IT in the NHS with something - we just don't know what. We also know they are likely to be looking to multiple organisations for any public health records provision.
What we don't know is when, or indeed if, such plans would be implemented; not least because we don't know when, or indeed if, the Conservatives will return to government.
About the author: Author, journalist and consultant Davey Winder has been writing about security issues for 16 years. Last June, he won the Security Journalist of the Year 2008 award: the second time he had been given this honour in three years.