FAQs for practices using TPP SystmOne

Similar documents
NHS Summary Care Record. Guide for GP Practice Staff

GPs as data controllers under the General Data Protection Regulation

Fair Processing Notice or Privacy Notice

Implied Consent Model and Permission to View

Frequently Asked Questions (FAQs) About Sharing Information for Patients

How we use your information. Information for patients and service users

PORTER S AVENUE DOCTORS SURGERY UPDATE

Sharing Healthcare Records

Update on co-commissioning of primary care: guidance for CCG member practices and LMCs

White Rose Surgery. How we collect, look after and use your data.

NHS standard contract letter templates for practice use

Transparency and doctors with competing interests guidance from the BMA

EAST CALDER & RATHO MEDICAL PRACTICE YOUR INFORMATION

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP CLINICAL FUNDING AUTHORISATION POLICY

Version Number Date Issued Review Date V1: 28/02/ /08/2014

Principles of Data Sharing for GPs and LMCs

Parkbury House Surgery

Birmingham CrossCity Clinical Commissioning Group Deprivation of Liberty Safeguards (DoLS) Policy: Supervisory body Functions

How your health information is used in Lambeth

The interface between primary and secondary care Key messages for NHS clinicians and managers

The National Programme for IT in the NHS: an update on the delivery of detailed care records systems

Guidance for consultants working in a system under pressure

Implementation guidance report Mental Health Inpatient Discharge Standard

National Diabetes Audit Implementation Guidance

Policy for Patient Access

Enhanced Sharing: A Quick Guide

Occupational Health Privacy Notice

Delivering the Five Year Forward View Personalised Health and Care 2020

SystmOne COMMUNITY OPERATIONAL GUIDELINES

Health Visiting and School Nursing Service Clinical Record Keeping Re-Audit 2014/15

Bristol, North Somerset and South Gloucestershire. Connecting Care. Data Sharing Agreement

Privacy Impact Assessment: care.data

Access to Records Procedure under Data Protection Act 1998 Access to Health Records Act 1990

Official. Primary Care Support Services provided by Capita

Information Governance, Electronic Patient Records and Patient Online Access

Commissioning Policy

A vote for. BMA manifesto British Medical Association bma.org.uk

Personal Budgets and Direct Payments

NHS Pathways and Directory of Services

Implementation of the right to access services within maximum waiting times

SWLCC Update. Update December 2015

DR KUMAR CQC INSPECTION ACTION PLAN

SUPPORT FOR VULNERABLE GP PRACTICES: PILOT PROGRAMME

Approve Ratify For Discussion For Information

Utilisation Management

Briefing: NIB Priority Domains

How CQC monitors, inspects and regulates NHS GP practices

Winter Plans and Arrangements for Primary Medical Care Services during the Christmas and New Year Period

Safeguarding Adults Policy March 2015

Wiltshire Clinical Commissioning Group. Information Sharing Agreement for the Purposes of Direct Patient Care. Memorandum of Understanding

Safeguarding Supervision Policy (Children, Young People & Adults at Risk)

DATA PROTECTION POLICY

Potential challenges when assessing organisational processes for assurance of clinical competence in labs with limited clinical staff resource

High level guidance to support a shared view of quality in general practice

Personal health record (PHR) case study.

NHS 111 urgent care service

QOF Quality and Productivity (QP) Indicators. Supplementary Guidance and Frequently Asked Questions for PCTs and Practices in England

Fair Processing Strategy

Diabetes Manager. Julian Brown

Primary care streaming: Roll out to September

INFORMATION TECHNOLOGY, MOBILES DIGITAL MEDIA POLICY AND PROCEDURES

Stage 4: Investigation process

GP Practice Data Export and Sharing Agreement

PATIENT ONLINE SAFE ACCESS TO ONLINE RECORDS CASE STUDY HOW TO IMPLEMENT DETAILED CODED RECORD ACCESS

SABP/INFORMATIONSECURITY- SUMMARY CARE RECORD ACCESS/0003

OFFICIAL. NHS e-referral Service: guidance for managing referrals

Bedfordshire and Luton Mental Health Street Triage. Operational Policy

We are the regulator: Our job is to check whether hospitals, care homes and care services are meeting essential standards.

Section 132 of the Mental Health Act 1983 Procedure for Informing Detained Patients of their Legal Rights

Hillingdon 111 Programme: An introduction to the new 111 telephone helpline and Directory of Services (DOS) Helen Delaitre, Lead for Unscheduled Care

Committee of Public Accounts

RISK MANAGEMENT EXPERT SUPPORT TO MANAGE RISK AND IMPROVE PATIENT SAFETY

Scarborough and Ryedale Clinical Commissioning Group. IMT Strategy. (April 2015 March 2018) Final Version 1.2. Author: Angela Wood,

Guidance template for the development of autonomous practice for SAS doctors and dentists. British Medical Association bma.org.uk

NHS England Complaints Policy

THE MENTAL HEALTH ACT 1983 GUIDANCE FOR GENERAL PRACTITIONERS : MEDICAL EXAMINATIONS AND MEDICAL RECOMMENDATIONS UNDER THE ACT

Babylon Healthcare Services

ACCESS TO HEALTH RECORDS POLICY & PROCEDURE

Raising Concerns or Complaints about NHS services

integrated Doncaster Care Record (idcr)

Page 1 of 18. Summary of Oxfordshire Safeguarding Adults Procedures

NHS e-referral Service Vision Optical Confederation response

Privacy Policy - Australian Privacy Principles (APPs)

National Institute for Health Research Coordinated System for gaining NHS Permission (NIHR CSP)

EMERGENCY CARE DISCHARGE SUMMARY

As part of the model of care since late 2016 the partnership has been supplying the following services in collaboration with Babylon:

Precedence Privacy Policy

England. Questions and Answers. Draft Integrated Care Provider (ICP) Contract - consultation package

consultation A European health service? The European Commission s proposals on cross-border healthcare Key questions for NHS organisations

Securing excellence in IT Services. Operating Model for Community Pharmacies, Appliance Contractors, Dental Practices and Community Optometry

UoA: Academic Quality Handbook

Joint framework: Commissioning and regulating together

James Blythe, Director of Commissioning and Strategy. Agenda item: 09 Attachment: 04

Operational Policy for Children s Continuing Care.

Ashfield Healthcare Nurse Agency Ashfield House Resolution Road Ashby-de-la-Zouch LE65 1HW

Hambleton, Richmondshire and Whitby. Clinical Commissioning Group. IMT Strategy. (April 2015 March 2018) Final Version (v1) Author: Angela Wood,

Complaints Sanctuary Students Procedure SS/LW0315/CP. Sanctuary Group:

integrated Doncaster Care Record (idcr)

FREQUENTLY ASKED QUESTIONS (FAQS) FOR THE INDIVIDUAL HEALTH IDENTIFIER (IHI) JANUARY 2016

Information Sharing Agreement

Transcription:

March 2017 It is a fundamental responsibility of a doctor, when involving others in the care of their patients, to select and then disclose only necessary and sufficient information for the care needed or anticipated. Exchanging unnecessary and excessive information is disrespectful of the patient and the recipient and contrary to GMC and other requirements. Background If sharing of patient records (functionality known as edsm) is turned on in TSO (TPP SystmOne), these records can be accessed from all other TSO sites. The practice cannot selectively control this accessibility it is all or nothing. When new sites join they too can access all other sites. Accessibility relies on adding a patient s name, date of birth and other demographic details to the system, which then allows, with recording of the patient s consent, the ability to access a patient s record at any other TSO site. We have concerns that this consent requirement can be overridden, and therefore allow unauthorised access from sites or individuals not related to providing direct care to the patient. Practices are alerted when consent is overridden. Records of consented accessing have to be searched for or reports run. There are thought to be 6,600 individual TPP sites that could have this ability to access GP surgeries that have esdm enabled. TSO was originally commissioned, designed and implemented in the 1990s as a bespoke system to provide a local multi-user single shared record database in Bradford and Airedale. Since then it has proven popular and has achieved a wider presence in the NHS in GP surgeries, community services and elsewhere. The system that has been rolled out at a national level has extended the original default multi-user single database architecture. Is TSO s enhanced data sharing model (edsm) legal? To date, there have been no legal challenges to TSO edsm in the courts. However, the BMA, RCGP, NHS England and NHS Digital have all expressed concerns which have been supported by the Information Commissioners Office ICO (ICO). The ICO s view is clear in its current configuration TSO breaches the 1st and 7th principles of the Data Protection Act (DPA) and is therefore unlawful. While the ICO has not indicated that they will take action against individual data controllers at this stage, it is a possibility. Patients could complain that their records are accessible by people and organisations who should not be able to do so. It is also highly likely that a court action in support of a complaint would succeed. For the latest statements from the ICO on this matter, please visit the ICO website. Why is the BMA GP committee issuing this statement now? Recent media interest has raised concerns both for patients and the profession. TPP has sent its existing customer practices a set of documents intended to clarify the situation. The BMA s view is that these documents do not fully do this and do not satisfy the test of being able to fully and properly inform patients. In the light of the ICO s statement we believe they need to be revised. We have identified some critical questions that we believe TPP users might reasonably want answered. bma.org.uk

2 Immediate consequences TSO sites which have edsm switched on should urgently consider any action they need to take, taking into account this guidance. Equally TSO sites planning to switch on edsm functionality should ensure they comply with DPA requirements in advance. Fundamentally, practices need to be able to inform patients who might be able to see their records, where, when, what parts of their records and for how long. In addition, they need to be able to limit sharing of their records to other TSO sites. GPs and patients need to know who is accessing their records. FAQs 1. Does this affect all TSO practices? Not necessarily, as not all TSO practices have edsm sharing turned on. This issue only applies if you have, or have had, sharing turned on. Those practices may need to take urgent action. We would however recommend that all TSO practices acquaint themselves with these developments. 2. What should practices do now? How can a practice inform its patients regarding TSO data sharing arrangements? As things stand, the ICO is not expecting practices to write to every patient to fulfil requirements to fully inform them, but is expecting all other opportunities for fair informing to be utilised e.g. displaying posters, providing patient leaflets, advice on repeat prescription messages; advice during consultations or at the time of referral; text and e-mail notices; advising their PPG. etc. 3. Do I have to turn off sharing? Whilst patients are being fully informed about the TSO sharing model, the practice should balance the risks of continuing to use TSO with edsm enabled until patients are informed versus using TSO with sharing turned off. Practices should be aware that any new patients will also need to be fully informed about the TSO sharing model so this is not a short-term exercise but an on-going process. The BMA cannot advise any individual doctor or practice whether or not to turn off the sharing function of their system. This is a decision that has to be made based on each individual situation. If, for instance, you have complied with fair processing then there is no reason to turn sharing off. Alternatively, if you are not confident that patients fully understand the sharing arrangements you need to take urgent actions to ensure that they are fully informed. Given the advice from the ICO above, it is the BMA s view that it is highly unlikely that patients will be fully informed already and that further actions will be necessary to ensure that they are. In making a decision it is important to consider the alternatives to using TSO and how often they are likely to be needed. Alternatives to TSO sharing for scheduled direct care could include using other traditional methods of referral, eg letter, the e-referral service, secure NHS e-mail, telephone calls, standardised forms or printouts, made on a patient by patient basis as and when necessary. Whatever alternatives GPs use they must ensure that they incorporate appropriate security measures, taking into account the sensitive nature of the data. These methods would need to comply with GMC guidance which becomes operative from 25 April 2017; these guidelines make it clear that GPs should only disclose relevant data necessary for direct care. In addition, the Summary Care Record in its basic form is available throughout England and provides information about drugs and allergies, and with the provision for additional information to be added with explicit patient consent in creating an enhanced SCR. What is clear is that practices cannot do nothing. They can reduce risk by ensuring a robust system is in place that enables patients to be fully informed about the TSO sharing model with sharing remaining on, or abolish future risk by turning sharing off whilst still informing, with the intention of turning it back on at some point in the future. 4. Dissent codes As part of fair processing, the practice should have a system for recording patients who object to their data being shared outside the practice under these arrangements. We understand (and are deeply concerned) that TSO sharing does not automatically respect nationally agreed sharing dissent codes. This means it is possible that patient records are being shared despite the presence of these codes in their coded records.

3 Practices with sharing turned on must immediately ensure that every patient s coded dissent preferences are reflected in the TSO specific sharing controls. 5. If I am in a locality/group/federation/hub and we are already sharing, what do we do? Although sharing via TSO is almost always a group decision made by a health community the liability lies with the individual practices. If your local health community is using TSO then we suggest you urgently review your arrangements accordingly. 6. What happens if I turn off sharing? If you are in a locality with working models that rely on data sharing, switching off data sharing could affect the functioning of such services or cause inconvenience for patients and GPs and staff. The ultimate responsibility for GPs and practices must however be to comply with the DPA as well as GMC standards. If you turn off sharing you will need to inform your patients why you are doing so, especially if it affects the delivery of any services. If practices are part of a local federation of locality group that has organised data sharing, this could be communicated by the relevant locality group. You will also need to try and ensure beforehand that those providers who are caring for your patients are provided with the information they need to treat them and any additional information that they reasonably request. 7. I am about to join a locality/group/federation/hub what do we have to do/achieve before we can share? We would suggest that you enter the group but with sharing turned off and use other existing means of providing information, unless you are certain appropriate fair processing is in place and your patients are already fully informed, in which case you will be more able to enter the group with sharing turned on. 8. If I decide to not share now, when am I likely to be able to turn it on? When you have fairly informed patients about who will have access to their records or when TSO is fully compliant with the DPA there is no timescale for this at present. 9. Should I consider changing systems? This is an option; however practices should consider the enormous disruption that a core clinical system change incurs - it is generally accepted that it takes 18 months for a practice to return to business as normal. The BMA would not recommend changing systems without a very careful and detailed assessment. Practices are entitled to change systems under GPSoC and would need to apply to their CCG. 10. What about breaches? Data controllers are required to inform their data subjects as soon as they become aware of breaches, as well as informing them of what they can do to take steps to protect themselves. 11. Access to our patient records under TSO is consent controlled and SmartCards are needed, what is the problem? There are access overrides that are considered to be too easy to action and which can be activated as the default across an organisation. Smartcards are not always necessary, users can log on with usernames and passwords.

4 12. TSO has functionality to limit sharing of individual patient records, what is the problem? It has recently become possible to restrict sharing from within an individual s personal record but this cannot be done at a practice level. Restricting sharing in this way would be impossible to manage for every patient on a practice s entire list. Data controllers have a duty to protect patient records, making them available only when needed. By effectively opening up all their records for access all of the time GPs are exposing them to a vulnerability that is not justifiable. Finally, TSO does not automatically respect agreed national dissent codes embedded in individual patient records. 13. What is the plan for the future? A variety of measures have been agreed with TPP to reduce the risks practices face using TSO while further measures are being discussed. These initial mitigations include: 1. Revised information and fair processing documents these were circulated to TPP practices on 24 February 2017. The BMA does not believe these are fit for purpose. 2. Code of Conduct a set of guidance and pointers, rather than a formal data sharing agreement, was sent to all TPP users on 24 February 2017. 3. A screen for TSO users showing existing and new organisations that have started sharing - made available on 16 March 2017. 4. Patients who have online access through SystmOnline being able to see who has accessed their record will be available from 16 March 2017. 5. Technical changes planned to be delivered by 31 July 2017: New organisations entering TSO will have sharing turned off by default. They will have to confirm they understand and comply with all necessary requirements prior to activating sharing. Sharing preferences on SystmOne patients will be able to see their current sharing preferences. Review of consent override functionality. The BMA and other stakeholders will be pushing for further changes to TSO to give GPs the ability to limit sharing with only selected organisations. This functionality will allow practices to decide which other TSO sites can access their records. This will provide full compliance with the DPA. TPP have also been asked to provide functionality that will alert patients, via patient online services, to consent overrides. TPP is responding quickly to these issues and is actively deploying updates and revisions. We understand that a software revision answering question 3 below was sent out on 16 March 2017. This is a rapidly changing situation and practices should keep up to date with changes. 14. Where can I get further help and support? You should contact TPP if you have unanswered questions or require technical support. The BMA has sent TPP the following list of outstanding questions that they need to be able to answer: 1. How do I turn off sharing? 2. How do I turn on sharing? 3. Can I see a list of sites that could access my patient s records? 4. Can patients see a list of sites that could access their records? 5. Are my practice records shared? If so for how long have they been shared? 6. How often or how many records have been accessed on a daily/weekly/monthly basis? 7. When my record is accessed by another organisation is the practice informed? Can I be informed? 8. Has anyone accessed my record from another organisation? If so, was the practice informed? 9. Can I get a list of all organisations that have or could have accessed our records along with frequency? 10. Can alerts be configured? If so, how? 11. How many records have been accessed with a consent override? 12. How many record access alerts have I received as a user/clinician? 13. Do I need to view all the alerts I receive? 14. Is there a simple way to see who has accessed an individual record both within the practice and externally as I may be asked by a patient during a consultation? 15. Can patients find out directly whether their records have been accessed? 16. How can I find out about access where the consent override has been used? 17. How many TPP users can potentially see my records?

5 BMA House, Tavistock Square, London WC1H 9JP bma.org.uk, 2017 BMA 20170234

2024 © careersdocbox.com Privacy Policy | Terms of Service | Feedback