Single patient record: what it means for healthcare providers
The aspiration of creating a single patient record (“SPR”) has existed for multiple successive governments and the Health Bill (“the Bill”) contains provisions to finally implement it. This short analysis will look at what this actually means, the impact it will have on health care providers, and what steps will be taken assuming the Bill is passed.
For more information on the Health Bill and what to expect, please read our summary of the key proposals outlined.
Why is the SPR being developed now?
Before delving into the Bill it is a reasonable question to ask will this be implemented? Past attempts have failed, so what has changed now to make it more likely to be successful?
There are two main answers to this; the first is the changes in technology, and the second is the shift in how providers are expected to work.
From a technological perspective previous attempts in the early 2000s were focused on developing an overarching NHS IT system. The scope and scale of which became unachievable. The development of ‘cloud’ based systems and interoperability between multiple systems has made it increasingly possible to develop a technical solution. The move away from paper-based records has further increased the likelihood that a SPR can now be developed.
This is not the same as saying there is a technical solution and the supporting documents with the Bill state that these need to be developed before a SPR can be implemented, but it is a more manageable challenge than at any time prior in the NHS history.
The shift in how providers are expected to work is currently focused on Neighbourhood working. This requires organisations to work in a more collaborative and seamless manner.
This is not new and the varying degrees of integration have fluctuated over time but there has been a definite push towards closer working, especially with general practices working as Primary Care Networks, integrated neighbourhood teams bringing multiple providers together, and the push to improve sharing with Trusts. The extension to bring in social care providers and private providers is a clear policy objective all of which is focused on ensuring consistency in the care delivered to the community.
The government has determined that these shifts make the SPR a realistic and achievable objective now, assuming the Bill is passed.
What would the SPR actually look like?
The Bill does not detail how the SPR will function. The proposed amendment to the National Health Services Act 2006 (“the NHS Act”) will empower the Secretary of State to make regulations governing the detail of the SPR. This will be a highly anticipated publication.
However, the government has published three additional documents addressing the development of the SPR which provides a useful insight into the likely structure:
- Explanatory Notes
- Impact Assessment: Single Patient Record and information sharing (“the Impact Assessment”)
- Regulatory Policy Committee Opinion: Single patient record and information sharing “the Opinion Paper”)
Each of these provides a piece of the jigsaw puzzle and the most revealing is the Impact Assessment.
This mentions the following developments:
- The SPR will not be a new IT system but a tool to pull together and to integrate all the variable systems used across both health and care sector. The integration element will therefore be in the background with the user (patients and clinical teams) will be able to review and enter data. The document states there are 40 IT suppliers who have been identified as needing to be involved.
- It will cover over 43,000 organisations including NHS Trusts, GP practices, dental practices, pharmacies, local authorities, care homes, private GPs, and private hospitals.
- The powers to establish the system will be delegate to a public authority, it is not clear which authority will be selected for this function.
- There will be a ‘requirement to input data to the SPR’ which ‘is expected to apply to people involved in the provision to patients of health services or adult social care’. This is likely to be included in the regulations but one would anticipate that the NHS contracts, including those for primary care, may be amended to ensure that providers comply with this obligation.
From a user perspective the aspiration would be for a more detailed and comprehensive patient record, whilst only making minimal changes to the systems that providers use. The final design and how individual IT providers respond to this challenge will ultimately shape this system.
What will the impact be on health care providers?
From a health care provision perspective, the SPR should significantly improve the ability to deliver services. It will accelerate lines of communication, reduce risks to patients and will allow for more advanced care planning. The Impact Assessment makes a very compelling argument in support of the SPR, and most patients often mistakenly think this is how the NHS operates anyway so it will close the gap for patient expectation and reality.
However, there is a significant legal question which has not been answered relating to the liability of the providers and whether this will change. The BMA has raised concerns that there is a lack of clarity about the liability GP providers may retain under this change. The same concern is likely to be shared by all 43,000 providers who will be affected.
Prior to the publication of the Bill there was an expectation that the Government would seek to centralise the records with corresponding responsibility as the data controller, making the providers data processors with an important but lower level of liability under the General Data Protection Regulations (“GDPR”). This has not happened.
The structure outlined above makes it clear that the existing electronic patient record systems will remain in use and that the SPR will be a technical solution collating and sharing this information between these various systems. The supporting documentation makes no reference to the word ‘controller’ but does reference ‘data processing’, which implies that the SPR will be a data processor not a data controller.
The only reference to ‘control’ is within the Opinion Paper which states that ‘[t]he Department’s problem under consideration is that health providers only hold incomplete data on their patients, as individual health records are controlled by multiple provider organisations rather than there being a singly complete record. This can create risks or errors, duplication and patient safety incidents.’
The proposed solution appears to address the issue of creating a complete data record for the patient and not the issue of control by multiple organisations.
The proposed section 250E(3) of the NHS Act will mean that the SPR processor will not be subject to the common law duty of confidentiality. This will protect the entity that is ultimately responsible for the SPR but is unlikely to offer such protection to the providers if they remain the data controllers.
Whether this will be addressed within the regulations is unknown but it is clear that all providers should anticipate that they will remain the data controller for the foreseeable future and that they must retain adequate management of this major responsibility.
The Bill also confirms that participating in the SPR will be compulsory, for most if not all providers who hold patient data. This will be enforceable by financial penalties and will be governed by the Secretary of State, CQC or a specially formed enforcement authority, which will be determined within the regulations.
What are the next steps, assuming the Bill is passed?
Once the Bill is passed the next significant step will be for the Secretary of State to publish the proposed regulations. This will greatly clarify the final picture of how the SPR will work.
It is likely that there will be significant additional analysis of this change and early models of the technical solution will be tested.
Until the liabilities of providers are understood it is recommended that all providers (including but not limited to Trusts, GPs, dentists, pharmacies and care homes) review their compliance with the GDPR and existing data protection legislation. It is essential that these arrangements are carefully documented with a particular focus on data sharing arrangements, especially in the context of neighbourhood working.
How Hempsons can help
If you require support in reviewing and developing your compliance, please contact Hempsons and we will be happy to assist you and your organisation.