Murphy’s Law and the NHS Spine

I am very conflicted about the NHS spine.  This is (will be) the computer system whereby all patient records are stored in a single system and available to any appropriate NHS worker in the UK.

As a cynical IT professional, I laugh in the face of quotes like this:

The NHS Care Records Service uses the strongest national and international security measures available for storing and handling your information.

Ha ha!  I chortle. Tee hee.

I am sure they do use the strongest etc, etc.  But let’s face it, it’s going to leak like a sieve. Health service staff are not particularly IT savvy. There’s professionalism and an awareness of patient confidentiality on the one hand, and there’s keeping your notes on a USB stick and having your handbag nicked on the other.  There’s IT policy mentioned in your induction day, and there’s using someone else’s log on because yours isn’t yet activated and the patient’s going to die (or the Daily Mail will dance with glee) if you make the wrong decision in the next 3 minutes.

One Nation under CCTV - Banksy, photograph by unusualimage

One Nation under CCTV – Banksy, photograph by unusualimage

But a far greater worry is the scope creep that surrounds any government technology. Of course they shouldn’t use our medical records to vet public sector job applications.  Of course they shouldn’t create an MRB check like a CRB check to ensure that people with – I dunno – chronic mental illness don’t get jobs as clowns (all that working with children and animals…)  Of course they shouldn’t let the anti-terrorist bunch trawl through to find whatever it is they look for these days.  Of course they shouldn’t. And of course they will.

So Ha ha! I say again.


A lack of joined-up medical record-keeping kills.  I don’t have the stats, I don’t even know what audited stats exist, but hospital medics of my acquaintance assure me that a lack of vital and timely medical histories is a killer. And you only have to talk to anyone with a chronic condition to glimpse the exhausting grimness of having to explain their history to whoever it is they’ve landed in front of this time.

So… do I allow this privileged position to ease me out of the data danger zone? I am relatively healthy and check No, No, No, No on life insurance forms. Not being on the database won’t kill me. If I turn up in A&E what they see is what they have to deal with because there’s nothing nasty in my medical history.  And I am very well aware of how hard security is to achieve (I’m an IT worker in the financial sector). And I am old enough and cynical enough to know that if great big databases are there, they will be used by self-serving governments. Do I opt out at no risk to myself because Big Data is Evil and Should Not Be Encouraged?

Or should I support the health service’s laudable attempt to save lives not to mention reducing wear and tear on the patients’ patience, even though that will only encourage Big Government?  It’s a nice gesture, and with my nice clean bill of health when the CID looking for a sex killer search through the database for local nutters prescribed nonutterherein there is minimal risk to precious me.

What would Pastor Neimueller do?

What would he wish he had done?

I find this a tough ethical call.

9 responses to “Murphy’s Law and the NHS Spine

  1. A while ago, our GP practice asked us if we wanted to opt out having our notes uploaded onto the National Database.
    I did that thing.

  2. Just found this link on our practice website –

  3. My exceedingly peculiar innards, the traumatised fetus and the history thereof, were oh-so-clearly documented in the folder SAT AT THE END OF THE WARD. Yet I was still obliged to pause between contractions to gasp out an exceedingly truncated – and therefore, broadly incorrect – precis to the Resident Obs & Gynae chap, because he seemingly preferred to ask me rather than read the notes.
    Had he looked at the recent notes rather than asking CluelessMcInPain on the bed, I strongly suspect he would have instantly bunged me in a blue light over to Regional, where I clearly (in retrospect!) needed to be.

    Annnnnd I’m not sure what my point is. I think I’ve drifted. Doh.

    *summons brain*

    I agree with everything you’ve said up there: tough call. Big data is indubitably evil, but awfully Handy.

  4. I can’t help thinking that what is needed are examples.

    As in, making an example of someone.

    Big Data is, in this case, literally and demonstrably a matter of life and death. This sort of level of importance usually trumps any considerations of niceties like a right to privacy. If you agree that a great big database is going to save lives (and the only reason you think it’s not going to be yours is because of where your health is today, March 12th 2010) then the question stops being “should we have it or not”? The question becomes “how do we minimise the harm it causes?”

    First, quantify the harm. Difficult, as much of it is of the ilk of rumour. Did you not get that job because someone illicitly accessed your medical records and saw that you’d told your doctor you drink about 50 units of alcohol a week? Or did you not get it because you reeked of Scotch in the interview?

    Fair enough, anecdotally then it might be a problem when someone accesses something illicitly. You need to make a distinction between two kinds of access, which you might term civilian and authority. Accept that you’re never going to stop authority access to any database. Understand that if they couldn’t get this info from the medical database, they would be able to get it somehow from somewhere else, and that if it matters to them they would. So what you’re trying to control is civilian access, and this means the USB stick in the handbag.

    Sack ’em. The first time a doctor is sacked and struck off for a breach of security of the medical database, you’ll find people suddenly get a lot more professional. The first time a hospital orderly is imprisoned for six months for leaking information to a local HR department, and that department is fined six figures for obtaining data illegally, people will get the message.

    It won’t happen, because too many people have the “if you have nothing to hide you have nothing to fear” mentality. It is axiomatic that we all have something to hide.

    Right now I think the benefits outweigh the costs, if only because the benefits are real, immediate and quantifiable and the costs (to freedom and privacy) are hard to pin down right now.

    It’ll be a different matter in twenty years when we’re living in Gattaca and people with the wrong DNA profile can’t get a job.

  5. I have no doubt at all that access to accurate medical records at all times will save lives. It’s all very well for young people, (and I’m a geriatrician, by that I mean anyone under 85) to say ‘I don’t like it’.

    I’ve lost count of the times I’ve seen people in clinic who don’t know what medication they’re on. So how can I know that the medication I prescribe won’t interact with the medication they’re on. I also know that I’ve lost count of the amount of times when people when they are ill and in A and E can’t remember there medication. Or the fact that they’re diabetic, in atrial fibrillation, or have had a stroke.

    Then there’s the matter of ECGs, it would save lives if we could have access to your normal ECG every time you come into hospital.

    There are certain ECG changes that, if they are new, mean that you are having a heart attack. If they are not new they are nothing to worry about.

    The side effects of treatments for heart attacks is strokes.

    Having access to your old ECG will prevent people having strokes. It will save lives.

    But I don’t fancy anyone being able to find out that I’m a transsexual from a computer system.

    That said I trust the employees of Natwest not to know that I spent money at a sex shop. So I hope I can trust health care proffessionals.

  6. ” I trust the employees of Natwest not to know that I spent money at a sex shop.”

    Best way to stop that knowledge getting out is simple – do you accept CASH??? 🙂 I do think a large part of the push to make paying with plastic so very, very easy and convenient is that it is traceable for the authorities. William Gibson, in 1983, wrote of a future world where transacting in cash was illegal.

    So you trust the employees of a bank. Thinking clearly, you trust them to only reveal that information to a police officer with a warrant, or to another member of the security services. That’s going to happen if they want it to. You trust them NOT to reveal it to, say, your next employer.


    Because that kind of thing has happened in the banking industry, and when it does the people who do it get long jail terms and their lives ruined as punishment.

    Which is why I say that ANY breach of data security on the NHS database, by anyone, should be treated similarly to embezzlement, and an example made of the first few transgressors.

    Oh, and one other thing – someone can already find out your birth name etc. from a computer system – you have a passport. Trust that? Are you going to get an ID card…?

  7. Pingback: I’ve got life – Happy 101 Sweet Friends « Thinking about it…

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s