The Care Record Guarantee
The Care Record Development Board has a new draft out of the proposed Care Record (Word Doc).
What is unfortunate, however, is that the document was released on the 16th of July with a deadline of the 20th of July for responses. Perhaps the length of the consultation period indicates how seriously the exercise is being taken?
Anyway, here are a few notable statements from the document.
“A patient can decide not to allow access to their Patient Clinical Record to any health professionals involved in their care. In further developments of the Patient Clinical Record patients will be able to request that specific clinical items in their record are not available to specific individual health professionals or groups.”
“The acceptability of the NHS Care Record Service depends crucially on the controls around access. Briefly, there are two broad types of security:
1. Care professional centric security which includes role-based and workgroup-based access: authenticated health professionals are issued with personal smart cards which define their role and group, and through that define their access to clinical data within both the National Summary Record and the Patient Clinical Record.
2. Patient centric security: individual health professionals can only access a record for a patient with whom they have a legitimate relationship and within the constraints of patient consent.
An audit trail will document all accesses to patient data. Local data supervisors, called Caldicott Guardians, will be alerted on any inappropriate access to clinical data in the NHS Care Record Service.”
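The two layers and the audit trail described in the quoted passage, sketched as an added example; this is not code from the draft or from any NHS system. The role names, the permission table, the relationship set, the choice to alert on denied requests and every identifier are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed role -> record-type table (assumption; the draft gives no such table).
ROLE_PERMISSIONS = {
    "gp": {"summary", "clinical"},
    "nurse": {"summary", "clinical"},
    "receptionist": {"summary"},
}

@dataclass
class Patient:
    patient_id: str
    allow_clinical: bool = True                      # patient consent for the clinical record
    relationships: set = field(default_factory=set)  # staff ids with a recorded relationship

@dataclass
class Staff:
    staff_id: str
    role: str  # in the quoted scheme this would come from the smart card

audit_trail = []      # every access attempt, allowed or denied
guardian_alerts = []  # entries flagged for the local data supervisor (assumed: denials)

def request_access(staff, patient, record_type):
    """Apply both layers in order, log the attempt, return True if allowed."""
    if record_type not in ROLE_PERMISSIONS.get(staff.role, set()):
        denied_by = "role"          # layer 1: care professional centric
    elif staff.staff_id not in patient.relationships:
        denied_by = "relationship"  # layer 2: no recorded relationship
    elif record_type == "clinical" and not patient.allow_clinical:
        denied_by = "consent"       # layer 2: patient has withheld consent
    else:
        denied_by = None
    entry = {"staff": staff.staff_id, "patient": patient.patient_id,
             "record": record_type, "allowed": denied_by is None,
             "denied_by": denied_by}
    audit_trail.append(entry)
    if denied_by is not None:
        guardian_alerts.append(entry)
    return denied_by is None

if __name__ == "__main__":
    # Constructed sample data.
    patient = Patient("P-0001", relationships={"S-01"})
    print(request_access(Staff("S-01", "gp"), patient, "clinical"))  # recorded relationship
    print(request_access(Staff("S-02", "gp"), patient, "clinical"))  # no relationship
    print(len(audit_trail), len(guardian_alerts))
```

An allowed request raises no alert in this sketch, so what gets flagged depends entirely on how the `relationships` set is populated.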
Unfortunately the devil is in the detail.
Let's take the first statement, that patients can block access to the record by any professionals involved in their care. Tying this in with the proposed security plans, broad classes of professionals can apparently be blocked from accessing the record. That is easy enough to implement, though it does not get rid of the problem of people looking over the shoulders of others, or of the fact that information security is never a priority in any large organisation.
But what of the second assurance that individual personnel will only be able to look at records if they have an ongoing care relationship with the patient?
What constitutes a relationship? Who decides if it is legitimate, and how exactly are patients supposed to know the differences between the 50 or so people who might be expected to need access to the record during one acute attendance to secondary care?
What this will do is overload patients with information that they cannot be expected to handle, and as a consequence the number of abuses picked up will be very low.
Given the inadequacy of the current Caldicott governance system, where the NHS would be hard pressed to prove a handful of successful prosecutions for inappropriate access, are they proposing a 1000-fold increase in the resources available to the teams?
I could go on in this vein, but the gist of my observations is that a broad statement of principles, without understanding the detail of how exactly the scheme will work, is of no use to anyone.