
HMRC	DoH	DWP	PM

DVLA	MoD	Home Office	MoJ

ARE YOU GOING TO TRUST THIS GOVERNMENT WITH YOUR MEDICAL RECORDS ?

The Labour government is desperately hoping to transfer everyone's medical records to yet another massive, centrally–held, government–controlled database, making patients' medical records potentially viewable to hundreds of thousands of NHS staff nationwide.

In January 2008 a poll by the British Medical Association revealed that nine out of ten doctors have no confidence in this government's ability to safeguard patients' data online or felt that they were in a position to assure patients that their data would be safe.

In 2007:

HM Revenue & Customs lost 2 CDs containing unencrypted child benefit records for 25 million people (including the bank details of 7.25 million families)
It is generally accepted that this is the biggest single loss of personal data in the world to date
HM Revenue & Customs lost the pension policy details of 15,000 customers
The Department of Work and Pensions lost the personal financial details of 40,000 housing benefit claimants
The DVLA lost the details of 6,000 drivers from Northern Ireland
The DVLA lost the details of 3 million candidates for the driving theory test

In April 2007, The Department of Health (DoH) made the personal details – including religious beliefs and sexual orientation – of medical students applying for their first posts as doctors available to view on a public and unsecured website.
The Information Commissioner's Office declared the DoH in breach of the Data Protection Act over this appalling action.

In May 2007, the Foreign and Commonwealth Office (FCO) was responsible for personal data of people applying for visas to enter the UK being visible to others visiting the application website.
The Information Commissioner's Office declared the FCO in breach of the Data Protection Act over this appalling action.

In 2008:

The Ministry of Defence (MoD) admitted to losing unencrypted personal, medical and financial details of 600,000 applicants for the Armed Forces
The Ministry of Justice (MoJ) admitted that four computer discs containing personal and confidential details of magistrates court cases went missing in the post
The Home Office admitted that it had lost, for more than a year, a computer disc containing details of 4,000 DNA profiles of suspected foreign criminals. The failure to correlate that lost data with our own has had serious implications for the public safety of UK citizens

There seems to be no end to the amount of personal, sensitive, medical and financial data that this Government is able to lose.

And the roll call of data breaches grows, day by day. Since the catastrophic security breach at HM Revenue and Customs in November last year, the Information Commissioner has been notified of almost 100 serious data breaches by public, private and third sector organisations. Of the 62 reported by public bodies, a third occurred in central government and associated agencies and a fifth involved the NHS. More than 600 staff at HM Revenue and Customs have been subject to disciplinary proceedings after inappropriately accessing customer records since the creation of the department in 2005.

Now it appears that government staff in the Department of Work and Pensions have been continuing to send out highly sensitive data in packages containing passwords that provide access to the information.

No wonder that 9 out of 10 adults in the UK do not trust this government with their personal information.

On the 3rd January 2008 the parliamentary Justice Select Committee produced a damning report into the way that the Government mishandles private data in the wake of the HMRC child benefit records scandal. To quote the report:

On the 4th March 2008 the parliamentary Joint Committee on Human Rights produced another damning report into the way that the Government mishandles private data in the wake of the HMRC child benefit records scandal. To quote the report:

"The roll call of banks, retailers, Government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."

"We are extremely concerned to hear from the Information Commissioner that there are more cases involving the loss of personal data which have not yet fully come to light. The warning which he issued in the summer about the dangers of mishandling personal data and the extensive security lapses in a wide range of organisations has been proved correct."

"There are, however, substantial risks associated with large databases which contain personal data and which are open to large numbers of licensed users."

"There is evidence of a widespread problem within Government relating to establishing systems for data protection and operating them adequately."

"However, it would be wrong to see these errors and lapses as unfortunate "one-off" events. In our view they are symptomatic of the Government's persistent failure to take data protection safeguards sufficiently seriously by defining data sharing powers more tightly in primary legislation and including detailed safeguards against arbitrary or unjustified disclosure. The rapid increase in the amount of data sharing has not been accompanied by a sufficiently strong commitment to the need for safeguards. The fundamental problem is a cultural one: there is insufficient respect for the right to respect for personal data in the public sector."

"We are surprised, and disappointed, to find that senior public officials need to be reminded of the main principles of the Data Protection Act."

"We regret that it has taken the loss of personal data affecting 25 million people - a "train crash", in the words of the Information Commissioner - for the Government to take data protection seriously. Data protection is a human rights issue and should not be treated as a fringe concern, a matter for rarely-consulted policy documents and procedures which are all too easily ignored."

More than 4,000 NHS computer smartcards, used to give access to confidential patient records on the NHS Database, have been reported as lost or stolen. The MoD alone has lost 11,000 military ID cards.

When the Labour Government is not losing data, it is selling it. Since 2002 the DVLA alone has sold 5.3 million driver records to private companies (which in at least one instance was run by criminals), raking in more than Ł9million for itself.
No wonder that more than 9 out of 10 people worry that organisations are selling their personal details illegally, according to research from the Information Commissioner's Office (ICO).

Many believe that the Government will one day link the NHS Database to its other huge databases – such as the Child Records Database (ContactPoint), the DVLA databases, Revenue and Customs databases and, most worryingly, the National Identity Register (ID Cards) and the DNA Database. In the words of the Information Commissioner himself, the UK is "in danger of sleepwalking into a surveillance society". Britain has more CCTV cameras than any country in the world. We have the biggest DNA Database in the world. We have become one of the most bugged, surveyed and monitored countries on Earth.

And so it will come as no surprise that the Government has now reneged on its promise to impose jail sentences for private detectives and journalists who raid data banks - such as the NHS Database - in search of private information about individuals.
It really is a licence to steal data.

But of course the Government will stop at nothing to resist transparency and maintain their own desire for privacy.
Read the judgement handed down at the High Court here.

The Labour government wants patients' medical records to be uploaded by default, unless the patient actively objects – an "opt out" mechanism: that is, if you do and say nothing, your notes will be uploaded. The British Medical Association, as well as many GPs, does not support presumed consent but strongly believes that patients should be asked to give informed, explicit consent before their health records are placed on a national database, i.e. an "opt in" mechanism: your notes should remain with your GP until such time as you indicate that you actively wish for them to be uploaded (if ever).

At the British Medical Association's ARM in June 2007, the profession's representatives adopted the following formal policy motions:

that "patient information and data uploaded into the proposed NHS clinical care record is not secure and confidential"

that "the BMA should advise all its members not to co-operate with the proposed centralised storage of all medical records as this seriously endangers patient confidentiality"

The Oaklands Practice will NEVER upload your medical details to the NHS database without your active and explicit consent

We will not presume consent simply by the absence of any refusal. However, a desperate Labour government might stop at nothing to achieve its political aims, and that includes coercing or forcing GPs to upload data. But they cannot upload data from patients who have "opted out".

Your medical data will be available, without your consent and in an identifiable way, to thousands of non–clinical health administrators and Department of Health officials under what is known as Secondary Use Services.

You have a choice. You do not have to allow your medical records to be uploaded to the NHS Database.

What you say in confidence to your GP does not have to end up on a government database the next day.

You have nothing to lose by opting out now. You can opt in to the NHS Care Records Service at any time in the future.

Remember - if you say and do nothing, your medical details could be uploaded. An independent evaluation concluded that most patients in the NHS Database pilot areas were not aware of the NHS Database upload programme at all, despite massive publicity, resulting in many patients having their records uploaded without their knowledge or understanding. As one GP in the pilot put it, "patients don't have a clue".
Please don't allow this to happen to your medical records.

TAKE CONTROL OF YOUR MEDICAL RECORDS

The Data Protection Act gives you the right to prevent the processing of your medical data in ways that you object to.
7 out of 10 individuals feel powerless about how their personal information is looked after.
The Information Commissioner is urging individuals to use their rights under the Data Protection Act in order to regain some control over their personal information.

YOU should decide IF and WHEN this NHS Database upload should take place, not the Government and not the local PCT. Please opt out now and ensure that your records are not uploaded UNTIL YOU GIVE YOUR EXPLICIT CONSENT FOR THIS TO HAPPEN, perhaps:

If and when you are certain that your data will not be lost or mishandled by this incompetent government.
If and when you are certain that your data will not be sold, misused or passed to third parties.
If and when you are certain that your data will not be made available via Secondary Use Services without your explicit consent.
If and when you are certain that your data will not be made available to other government departments without your explicit consent.
If and when you are certain that your medical data will not be linked to other government databases.
If and when you are happy for any one of hundreds of thousands of people with an NHS smartcard to be able to view your uploaded medical data. Many of those people will not be doctors or registered nurses.
If and when you believe that this government has your trust.

EVERY SINGLE PATIENT SHOULD TAKE CONTROL OF THEIR MEDICAL RECORDS AND OPT OUT OF THE NHS DATABASE WITHOUT DELAY

I have opted out, and many GPs and their families have too. In fact, more than eight of ten doctors in the BMA's poll said that they would not want their own personal information stored on the NHS Database.

Even MPs are starting to opt out of the NHS Database.

You DO NOT need to make an appointment with a GP to opt out. Just fill in a form and hand it in, post or fax it to us. We will respect your wishes and will add the appropriate upload–blocking read codes to your notes, as well as scanning the letter into your records. Your medical records will then remain under GP–control and not be uploaded whatsoever.

Download The Oaklands Practice opt out form in PDF format

Download The Oaklands Practice opt out form in RTF format

If you would like to email the form to us then please download the RTF file and send it to us as an attachment, or cut and paste the text of the form into an email, making sure that you add the names and DOBs of those opting out in either case (we do not require you to sign the form). Please send your opt out to the following address:

You do not have to give reasons for opting out. You do not have to justify your right to privacy.

Opting out will IN NO WAY affect the medical care and treatment that you receive from the Oaklands Practice, or affect the ability for your GP to refer you to a specialist for further care, should this be necessary. You remain fully (and legally) entitled to all the NHS care that you require, either from a GP, hospital A&E department or a hospital specialist, wherever you are in the UK. You will NOT be opting out of the NHS in any way.

I have created a generic opt out form for use at any GP surgery. Please feel free to give, send or email copies of our factsheet and the generic opt out form to your family, friends and neighbours.

This Government's record on handling personal data is utterly shambolic.
There is a very real risk that your medical records will be uploaded without your knowledge or understanding, disclosed to those that ought not to have them, and that your data will be used in unacceptable and unexpected ways beyond your control.
DO NOT PUT YOUR PERSONAL AND SENSITIVE MEDICAL DATA AT RISK – PLEASE OPT OUT

This is not a risk that you have to take.

Dr Neil Bhatia
Caldicott Guardian for the Oaklands Practice

Download our opting out factsheet (in PDF format)
Download Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Download Article 29 Data Protection Working Party Working Document on the processing of personal data relating to health in electronic health records (EHR).
Note paragraph II4b of this document which clearly states that "In contrast to the provisions of Article 7 of the Directive, consent in the case of sensitive personal data and therefore in an EHR must be explicit. Opt-out solutions will not meet the requirement of being 'explicit'."
Read the BMA's evidence to the Health Select Committee inquiry into the "Electronic Patient Record and its use".
Read the BMA's evidence to the Home Affairs Select Committee inquiry into "A Surveillance Society".
Read the MDU's latest guidance for GPs about the NCRS.
Read the Letter from the BMA to Ben Bradshaw, Minister of State for Health Services, on the National Programme for IT.
Read the Reply from Ben Bradshaw to the BMA.
Read the BMA's latest guidance for GPs about the NCRS.
Read Professor Ross Anderson's article on Patient confidentiality and central databases as published in the February 2008 edition of the British Journal of General Practice.

Highlight Reports and Project Board minutes from the Summary Care Records pilot sites can be found here. Please note that these papers were released under the Freedom of Information Act and remain copyright © of the respective PCTs.

Read the independent evaluation of the Summary Care Record early adopter programme by UCL.

The Oaklands Practice is NOT part of the first–wave of pilot practices uploading information to the Spine to form the Summary Care Record.

The Oaklands Practice is NOT submitting any medical records to the Hampshire Common Health Record project, and will never do so as long as explicit consent is not being sought for such uploads.

If you feel strongly about the NHS Database, please do look at this e-petition.

For further information regarding the NHS Care Records Scheme, and about opting out, please visit the following sites:

The Big Opt Out

NHS Care Records

For information about confidentiality, data processing and health records, as well as links to guidance for GPs, please click here:
Confidentiality and The Oaklands Practice.