I thought this issue was most relevant for my latest blog – we may never hear the end of the issues surrounding the ‘News of the World’. I want to relate privacy of my healthcare record to my own general experiences – starting with two scenarios.
1) I recently went to a closing down sale at a furniture shop (Dwell) who took my name and address. I was told by the assistant that this was because it’s a sale item and the shop insists on knowing who sale items have been sold to. Two weeks later I started receiving magazines and special offers by post.
2) When I sign up for a social network site (this could be Facebook, LinkedIn or some other website) I get asked whether I want my information to be public, partly shared, private or whether my profile is completely hidden so that others cannot find it.
Both, in my mind, are core examples of why privacy is so important: choice. 1) I may never shop at the furniture store again because I wasn’t given the option of opting out and my information has been misused and 2) I have a choice of who sees my information on a social site.
The same applies in the NHS – I want to be assured that my information is safe in the hands of the data controller and any decision to use it or share it I want to be aware of. This brings me to another reason for this blog, is a recent Information Governance query I received about using and giving out sensitive information: I don’t believe there can be a rule book for this issue but it’s a question of where you draw the line.
Let’s take some more examples:
1) When I was teenager I spent time in and out of hospital for Scoliosis surgery. I don’t mind if the clinical (sensitive) information is shared to help with other cases but I want to be informed that this is the case
2) Taking the above example: If during that time I wanted a parent to make or cancel an appointment I would be happy if the hospital allowed this as I find it unlikely that someone would go to the effort to maliciously cancel an appointment of mine.
a. Besides, this person should know my consultant, my condition and its time for the administrators assurance
3) Again, taking the above example, if I call to book an appointment and the administrator tells me I cannot have an appointment in a weeks time because I’m booked in for an appointment at the sexual health clinic I would be somewhat unhappy that my information had been shared inappropriately.
We must remember that the patient needs to know when information is shared and consent to it because they have the right to that choice. Staff across the NHS making the right decisions doesn’t fall down to a need for this to be ‘spelled out’, it’s a training issue about process and interpretation of policy - the difference between what isn’t and what is sensitive information being one key part of that understanding.
I imagine that one of the reasons for patients to have their own record is to give a sense of trust that they are in control of their information. My point is to say that with a combination of robust training and robust process the culture of the organisation should reduce the risk of a privacy breach and win the trust of patients because employees understand the sensitivity and value of the information they are in control of.