How to Protect Patient Privacy and Still Benefit From Electronic Medical Records

Page content

As the use of electronic medical records grows, the issue of informed consent to disclosure becomes more and more important. Informed consent is required in research, in treatment and for the storage use, disclosure or sharing of personal information. The concept came to the fore in the UK at a series of high profile inquiries into adverse events at hospitals in Bristol and Liverpool.

In order for consent to be valid, we must ensure that:

1. it is more than a signature on a form;

2. the patient has sufficient information to be able to make a judgement for themselves;

3. the consent may be withdrawn at any time

4. there is no influence or duress deployed to encourage the patient to give consent

The issue has now been raised in the UK in connection with the uploading of a summary electronic patient record onto a national database known as the national data spine. The summary to be uploaded includes allergies and current medications.

At the pilot stage, patients were being given the following options:

“Before we create your Summary Care Record, you can decide not to have a Summary Care Record at all.

After we have created your Summary Care Record, you can decide not to share the information in it; to share the information in it with others providing you with care; or to add information from your record that you would like included.”

Source: National Care Records Care Record Guarantee

Following a media campaign and protests from civil liberties groups, additional safeguards have been announced before the national implementation in late 2008. NHS staff will be required to seek patients’ specific consent before accessing their electronic medical records. This will give patients a veto on when the information can be accessed.

However, a number of issues remain:

  1. Under UK and European law informed consent is required for the storage of personal information even before it has been accessed.
  2. Whilst a patient can now veto access to the summary record at the point of care, it is difficult to see how this can be done without influence or duress: “You want care? I need this information”. One person’s due diligence is another person’s duress. Also, at the point of care, by definition, the patient will be unwell and may not be ideally placed to make an informed decision
  3. There appears no provision for the patient to withdraw consent to the storage of the summary, only to veto access. This appears to provide inadequate protection. Further, if the information is to be stored but the patient exercises their right to veto its use at each occasion, then the holder would be unable to use the information and its storage would appear to be illegal under data protection rules since it would be storage with no legitimate purpose.


Learning from Bristol: the report of the public inquiry into children’s heart surgery at the Bristol Royal Infirmary 1984 -1995, Command Paper: CM 5207, The Stationery Office, London, available on-line at

The Report of the Royal Liverpool Children’s Inquiry, The Stationery Office, London, available on-line at

The Guardian (2008) Patients get veto on access as NHS database expands across England, Sept 18, available on-line at

NHS Connecting for Health (2008) The Care Record Guarantee, available on-line at