Royal Free London Explains Patient Data Sharing Complications

Sep 29, 2014

A balance between data sharing privacy must be struck in order to improve patient care, according to the Royal Free London NHS Foundation Trust.

“The key point we have to address in this Trust is we have around 9000 staff, 1.2 million patient case note records, the number of encounters is huge, the number of sites we operate on is huge and to keep a framework that staff can work in and deliver objectives in poses quite the challenge,” claimed Subir Mondal, deputy director IS at the organisation.

“What the staff need to do is follow the Caldicott guidelines, provide confidential service, abide by the law, understand the Data Protection Act (DPA), recognise the Freedom of Information (FOI), follow the record management code and keep information secure,” he added, speaking at last week’s Whitehall Media GovSec event.  

For Mondal, it is all about striking a balance between sharing and privacy in order to improve patient care when so many standards must be adhered to.

“The point I’m trying to make is that on a day-to-day operational basis people are not going to look up section 29E of the DPA to find out if what they’re doing is right or not,” he claimed.

“What I’m alluding to is we’ve had to try and get to a systemic solution that we can start to use day-to-day on an operational basis,” added the IS deputy director.

When permission is given to share confidential information, guidelines state the minimum amount of information possible should be shared and only with people on a need-to-know basis.

Personalised information cannot be released to outside parties for secondary use, therefore data shared must be pseudonymised and de-personified. Mondal claims this still allows comparisons of datasets because it is still possible to tell when it is the same patient without having to know their identity.

“Freedom Of Information Wrongly Used”

However, a new level of complication is added when both patients and staff mistake the purpose of FOI requests.

“We have patients and staff who put in FOI requests for their personal data,” claimed Mondal.

“It is not meant for that. We get it all the time when actually, an FOI is for non-personal information, not for identifiable information,” he added.

The deputy director claims this causes all sorts of confusion and more education is needed to prevent people from thinking that FOI is the right route to go down in order to find out what information a public body holds about you personally.  

The Electronic Patient Record (EPR) Solution

The Royal Free London NHS Trust is currently using health and care solutions provider Cerner to provide it with an EPR.

The Trust opted for this supplier in March this year, along with a solution from enterprise information management firm OpenText that stores, manages and makes available digitised copies of paper records within the organisation.

“Accurate and timely patient data is at the heart of delivering quality care and through our collaboration with OpenText we will ensure that it will be available to all front line care staff where and when it is needed,” claimed the Trust after striking the deal earlier in 2014.


No comments yet.



Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now




Sign up to receive latest news