Following a number of proposals from thinktanks and policy influencers, the Department of Health and Social Care recently published plans to introduce a single digital patient record in the English NHS. In this blog, Understanding Patient Data (UPD) Policy and Engagement Manager Emma Lagerstedt outlines what this might mean for patients, clinicians and researchers.
What has been announced?
On 21st October 2024, the Department of Health and Social Care formally announced plans to create a single patient record in the NHS App, putting ‘patients in control of their own medical history.’ The press release followed a speech earlier this month to the Royal College of GPs (RCGP), in which Secretary of State for Health and Social Care Wes Streeting stated his ambition to join up patient data into a single record, shared across the NHS.
The development will be relatively unsurprising to those in the health data policy space given previous Labour backing of proposals to deliver a single digital health record owned by patients. Anyone not immersed in the world of patient data or NHS policy reading about the plans might instead have been thinking, “wait, my patient record isn’t already being shared across the NHS?”
Where has this come from?
There is sometimes an assumption that the NHS is one single body with a fully connected data infrastructure, where information flows seamlessly between GPs, hospitals and community services. However, this does not reflect the reality of a complicated system of healthcare organisations (around 7,000+ data controllers) each responsible for collecting and sharing data. As noted by Streeting, many patients and carers are surprised to find out that their full patient record is not always available across different parts of the NHS, with important information from one care setting not always visible to staff in another. This can have a negative impact on care and lead to patients having to repeat their stories. However, a more siloed system also offers some safeguards; it is clear who is responsible for which records and limits information to the services that are responsible for it by default.
The question is whether the current default settings for health records are the ‘right ones’ or not, and the answer to this might depend on who you ask.
The stated ambition – to create a single digital patient record, owned by the patient and shared across the NHS – builds upon previous proposals from think tanks and policy influencers. In February of this year, the Times Health Commission recommended the creation of ‘patient passports’ storing a person’s full medical record, accessible across the NHS and social care. In August, the Tony Blair Institute likewise recommended the creation of a single digital health record, arguing this could bring benefits not just for patient care, but for research and innovation.
What does UPD think?
UPD welcomes the broad ambition of moving towards a single patient record, digitally accessible and shared across the NHS. There have long been calls from across the sector for one single view of the patient, but despite a focus in recent years on joining up and digitising patient data, we know it is still frequently siloed. This causes frustration for patients and clinicians alike and prevents us from realising the potential of large-scale data analysis to deliver better health outcomes, improve NHS services, and drive innovation.
We are also aware that the NHS’ data infrastructure has grown over time and become more complex. There are already ways to share patient records and relevant information across organisations, particularly in a local or regional setting through initiatives like GP Connect and Shared Care Records, with some areas already close to having a single view of the patient. However, there is no one picture of what data is held where and why, and data sharing practices vary across the country. Having a single digital record could help with tidying up this back-end infrastructure and making the way data is shared more consistent and predictable.
A single patient record can bring benefits for patients, clinicians and researchers, but can also bring risks.
What benefits might it bring for patients?
A single patient record, if implemented correctly, has the potential to give patients better access to, and control over, their patient data. 9 out of 10 Britons would like better access to their medical records. Integrating the single patient record with the NHS App could empower people to access their own medical record easily and could truly make the App the ‘digital front door’ to the NHS intended by policymakers. Whilst it is not yet clear what access or choices patients will have over their single patient record, the move could be an opportunity to put people’s data in their own hands. It could also be accompanied by better visibility of who is accessing your record. UPD’s understanding is that such functionality already exists but isn’t currently used. Enabling people to see who has accessed their record could bring transparency and be a deterrent for misuse. Whilst this could result in a barrage of queries about why someone has accessed a record if not immediately clear, it could be a compromise worth making for broader access.
The creation of a single record could also help simplify the opt-out landscape and provide patients with clearer and simpler choices, within the NHS App or in non-digital formats. This would need to be done in a careful way to ensure the choices are genuine and don’t put patient safety at risk.
What might it mean for research?
Whilst the Secretary of State focused on the benefits of a single patient record for individual patient care, he also made reference to using a single patient record for research and innovation. Often when undertaking research, researchers believe their work would benefit from access to longitudinal patient records – i.e., an individual’s entire interactions with the health system, rather than specifically just their GP record or their hospital record. This means researchers have to request access to multiple datasets and use techniques to find the same individual across them. One record would simplify this, and with the right safeguards, could make research easier.
What might the risks and challenges be?
However, whilst there are many benefits to joining up individuals’ patient records once and for all, this will require careful consideration, particularly around information governance and data access. Though a clear majority of people support their data being used in their own interactions with the health service, this isn’t true for everyone, and there are certain categories of patient data – such as sexual health, abortion or mental health history – that may be considered more sensitive or private. The creation of a single patient record needs to take the sensitive nature of health data into account so that patients feel reassured that data is still only accessible on a ‘need to know’ basis and is proportionate, without surprises. A review of Role Based Access Control arrangements, involvement of functions like the National Data Guardian and the Confidentiality Advisory Group, and a conversation with the public to understand what is considered proportionate should form part of this.
Data security and misuse will be another key challenge. Studies show that unauthorised access to data and data breaches are some of the key concerns patients have about the use of patient data. Stories of NHS staff inappropriately accessing data they shouldn’t have – such as the doctor who accessed the medical records of her ex-partner’s new partner – and large-scale data breaches understandably loom large in people’s minds when thinking about this topic. Many people experience the health system in a local way, where friends, family and acquaintances work in roles in the local NHS, and broadening access could make it easier for them to see information that people would prefer to keep private. To adequately protect against these harms and assuage the fears of members of the public, the Department of Health and Social Care and NHS England must prioritise information governance and data security considerations from the very start and ensure ‘privacy by design’.
In addition, the creation of a single patient record will have to deal with the question of data controllership question. The Times Health Commission proposal is for the data to be ‘owned’ by the patient, but how would this work in practice? The current system places the powers and responsibilities about decisions to share data on the specific organisation – the GP surgery, hospital etc. - that holds the data. A single record would move these responsibilities elsewhere, potentially to a national body like NHS England, and it remains to be seen whether this would be publicly acceptable, particularly when private sector companies are involved in the provision of data infrastructure and processing.
What next?
As with any patient data initiative in the NHS, single patient records will stand or fall on professional and public support, or lack thereof. By now, those familiar with the history of health data policy in the NHS will know that previous programmes in this space have had mixed success rates. If the Government wishes to implement this initiative effectively, they ought not to embark on a communications campaign telling people about the benefits and hoping they will agree. Instead, there is a need for collaboration and co-design to implement a system that is transparent, enables patients to make informed choices, and works for healthcare professionals. This must be an ongoing conversation, with patients and the public given a greater say in both policy development and decisions about how their own patient data is used.