Agenda item

Mrs R Spore, Director of Infrastructure, and Mr A Day, Technology Commissioning and Strategy Manager, were in attendance for this item.

1.                  Mrs Spore introduced the report and explained that local authorities had been required to develop a method of sharing health and social care data in the best way to meet the requirement to share data under the Health and Social Care Act 2012, and the development of the Kent and Medway Care Record (KMCR) was Kent’s response to this need, as part of the NHSE Local Health and Care Record programme. Development of the KMCR had offered a way to review and improve the way in which client data was accessed, and to improve care outcomes and productivity. The procurement process had been completed in 2019, with Graphnet being the chosen provider.

2.                  Mr Day then responded to comments and questions from the committee, including the following:-

a)      asked how data would be safeguarded from any unauthorised access or use, for example, commercial use by insurance companies, Mr Day advised that a key feature of the information governance was a checklist of safety measures.  The data would be stored in a secure cloud, rather than web, environment and would be encrypted in transit. Only those authorised to use it would be able to access it;

b)      asked about a data sharing programme established by the NHS about ten years ago, which had not worked successfully as the IT systems of the different NHS organisations had proved to be incompatible, Mr Day advised that, although there was some element of risk in any shared system, ensuring that data systems would join up successfully had been a priority. What was being proposed for Kent was already working well elsewhere in the UK. When a patient was away from home, anyone treating them, including paramedics and multi-disciplinary teams, would be able to see, in real time, at least a summary care record. The extent of the information able to be accessed would be increased in the future;

c)      Members sought to be reassured about what would happen to a patient’s data once it was sent to another organisation, and that it would be safe there. Use or misuse of a patient’s health records raised similar concerns to those related to the use or misuse of a person’s bank records.  Mr Day explained that potential users of the data would be required to meet Government cybersecurity standards before they would be able to access it, and must have a system which had been certificated as suitable for use with health data.  This would mean the new KMCR would be better than any sharing systems tried previously;

d)      asked what access a patient would be able to have to their own records, and to what extent they would know who was sharing that data, Mr Day explained that a patient would be able to access their data via an NHS app and would be able to update their own data, for example, by entering data from a fit-bit.  A GP would then be able to see that data. The aim was to achieve a system which was official and secure but sufficiently user-friendly;

e)      asked what permission would be sought from a patient before their data was shared, and if they could object to it being shared, Mr Day explained that the NHSE Local Care and Health Record programme had been established in response to a statutory duty to share data. Under General Data Protection Regulations, a patient could object to their data being used, and their record would be flagged accordingly. Whereas a patient could have opted out of the previous NHS data sharing programme, in the new system they would be able to direct only some of the purposes for which their data could be shared;

f)       asked how the public would be made aware of the new system, how their data would be used and how much say they would have about it, Mr Day advised that there would be a communications campaign to raise awareness, including getting GPs on board, but that the statutory duty to share data would be emphasised. Most people now seemed to expect their data to be shared in some way anyway, and were familiar with the concept of this happening, so this was not expected to be a surprise to the public; and

g)      a view was expressed that to make this assumption was unwise and that the public would need to be, and would expect to be, fully appraised of the new system, how it would work and their rights within it.  

3.         It was RESOLVED that the information about the KMCR set out in the report and given in response to comments and questions be noted, with thanks, and a further report on the development of the system be made to a future meeting of the committee.