Category Archives: Generic

E-patients

Generic, Patients,

See also Expert patients. E-patients – (Wikipedia) use internet on behalf of themselves or others to get information about medical  conditions.  Tom Ferguson white paper.

  1. E-patients are valuable healthcare resources, and should be recognized as such.
  2. Empowerment is trickier than you might think.  Knowledge may increase but improvements in anxiety, self efficacy, changes in behaviour do not always follow. Patients often know more than doctors realize, they often want to know about things doctors don’t have the answers to (or would avoid answering), and they often want to pass things on to other patients or give feedback to their doctors [Diana Forsythe, medical anthropologist].
  3. Patients can quickly know more about a condition than their doctor.
  4. Hazards of imperfect online health information prob exaggerated. Cf medical errors!
  5. Wherever possible, healthcare should be provided on patient’s “turf”
  6. Clinicians can no longer go it alone
  7. The most effective way of improving health care is collaboratively

In the outside world, a diagnosis (esp a rare one) can seem like a world upturning misfortune that sets you apart.  Online, it is a badge of honour that connects everyone together.

Angela Coulter – paternalism in health care – clinicians underestimate how intimidating the clinical encounter is, patients fear offending their clinician if they assert themselves or offer an agenda.  Clinicians are often unaware of the constraints that prevent patients asking questions in clinic.  Clinicians often believe patients need to be protected from the truth eg uncertainties, bad news.  Patients can often be left feeling inept, diminishing their sense of control.  Paternalistic clinicians often seen as unsympathetic or arrogant, refusing to accept ideas or suggestions.

Try:

  • What do you want to make sure we discuss today?
  • What needs to happen today to make this visit feel successful?

Patient feedback –  can sometimes lead to poor morale – positives need to be celebrated.   Confidentiality must be assured for feedback to be meaningful.

Ethics of genetic testing in childhood

Ethics, General paediatrics, Genetics

Difficult to determine the psychosocial harms and benefits of testing in childhood.  A systematic review (Genetics in Medicine, 2015,   doi:10.1038/gim.2015.181) found that serious adverse psychological outcomes were uncommon, and most studies reported no significant increase in mean anxiety, depression, and distress scores.  However, some children experienced intrafamilial distress, discrimination, and guilt/regret. Some children were more concerned about their own health or their family members’ health.  It wasn’t very easy to anticipate adverse impact.

Objections-

  • No direct or medical benefit? Duty to protect the future autonomy of the child, i.e. preserving the right for the child to make her/his own decision to be tested or not.
  • Possible psychosocial harm from knowing diagnosis? Existing guidelines are often based on assumptions rather than empirical evidence of such harm, viz possible lessened self esteem, distortion of the family’s perception of the child, altered upbringing, discrimination and increased anxiety both of parent and child.

On the other hand, it has been argued that parents have the right to make decisions on behalf of their children because they have primary responsibility for their child and they know their child best.

Similarly, not testing may mean that the child loses the opportunity to grow up with and adapt to genetic knowledge during his/her formative years. Plus, parental anxiety, difficulty of living with uncertainty.

The authors of the systematic review highlighted the lack of data regarding genetic testing for conditions that may not be treatable/modifiable, and the dearth of longitudinal studies. So they conclude that caution remains essential for the ethical integration of genetic testing in children.

British society for human genetics, 2013 report into testing children. http://www.ethox.org.uk/Documents%20and%20images/GTOC_2010_BSHG.pdf

Data protection

Ethics

Data Protection Principles:

  1. Personal data shall be processed fairly and lawfully
  2. Personal data shall be obtained for specified and lawful purposes
  3. Personal data shall be adequate, relevant and not excessive
  4. Personal data shall be accurate and up to date
  5. Personal data shall not be kept for longer than is necessary
  6. Personal data shall be processed in accordance with the rights of the subject
  7. Appropriate technological measures shall be taken to safeguard the data
  8. Personal data shall not be transferred outwith the EC unless that country ensures an adequate level of protection for the rights and freedoms of data subjects

Data protection act 1998 governs access to medical records.  Other acts address rights to data not relating to individuals (Freedom of information 2000), or access to records for deceased individuals or for insurance or employment reasons.  It is the duty of the Data Controller (ie whoever decides how data is used) to recognize that a request in written form (incl an email) is a valid request ie no specific form required, data protection act does not need to be cited.

Doctors are still permitted to informally allow access to notes eg for purposes of confirming list of medication.

Applies only to living individuals and excludes anonymized data.

Patients have right to know whether data about them is held, but no need for them to be informed each time it is used.  If factual content is disputed, patient has right to have details amended but should be done so that it is clear change has been made in light of new information.  If doctor believes existing record is accurate  statement of clinical opinion, they may offer patient opportunity to add statement of their own opinion.

If record requested, must be supplied in a permanent format unless disproportionate effort involved, and in a format acceptable to the patient.

Under statutory instrument 2000 no 413 (Disclosure if information that may harm somenone’s health) data controller can restrict access to record but otherwise there is no restriction on the type or age of record (eg electronic or paper).  GMC advises that potentially causing upset is not sufficient grounds to withhold access.

Access must be given within 40 days of request and any applicable fee.

Use of records must be according to the principles of processing fairly and lawfully, obtaining only for specific purposes, adequate, relevant and not excessive; and held only for as long as necessary.  Where use of records is being considered for more indirect purposes, eg audit, then must be done carefully, by named data controller.

Reasonable steps should be taken to ensure that “subject access requests” are genuine and to verify identities, particulary if request seems unusual,or disproportionate (eg whole of case record rather than just certain dates).  Eg Solicitor letters, is signed mandate included and recent?

Not appropriate to hand over notes and let someone else do the sifting – data controller must take appropriate measures to prevent unauthorised or unlawful processing (eg alterations) or accidental loss.

Patient has right to have data explained to them in understandable terms eg jargon, undecipherable text.  If unable to contact the original author, data controller must make an effort to provide explanation, which is no different from what they would do in their own day to day work.

You can ask why data is being requested, eg as part of verification of whether an agent is acting within the scope of their authority, but no legal duty for this info to be provided.

See also Confidentiality

Caldicott 2

Ethics

Dame Fiona Caldicott’s review of original 1997
information governance recommendations – response to perceived
reluctance to share info appropriately.

Appropriate sharing should be the rule, not the exception.  Given need for informed consent, concludes that patients should be better informed as to how their
information is used.  Needs system for recording consent applicable
across all NHS and care systems.  Sharing info with a private
organisation or local authority should be equally straightforward, if
data protection principles are applied.

Confidentiality

Ethics, ,

For information to be confidential in law it must:

  • not be common knowledge among lots of people, for example, the
    content of a discussion between a patient and a health professional;
  • and be useful and not irrelevant or trivial

Explicit consent is not required for the following purposes:

  • Where patient information is used for the routine clinical care of that patient – for example between health professionals and intra NHS multidisciplinary teams
  • Where patient information is used for administration and management purposes, for example, waiting list management.
  • Child protection purposes (see below)

Most patients understand that their information must be shared within
the healthcare team. However, patients do not expect this to be shared
with others who will not be involved in their care.

Aggregated and management information is used to plan and monitor
progress of the organisation in its delivery of services. This is
generally outside the scope of the Data Protection Act 1998 on the
basis that a living individual could not be identified from such data.

Anonymized/coded information would normally fall outside the scope of
the Data Protection Act 1998, but care must be taken with all coded
and anonymised information as it may still be possible to identify
individuals, e.g. with rare diseases, drug treatments or statistical
analyses within a small population.

For other uses, it is your responsibility to make sure that patients
are aware of the wider uses of their information and to get their
permission.  It is your responsibility to make sure that you provide
versions in any community languages or meet other accessibility
requirements.

You should:

* make clear to patients when information is or may be disclosed
(shared) to others involved in their health care;

* make sure that patients are aware of the choices that are available
to them on how their information may be disclosed and used;

* check with patients to make sure that they have no concerns or
questions about how their information will be disclosed and may be
used;

* answer any questions personally or direct patients to others who can
answer their questions; and

* respect the rights of patients and help them to access their health
records if they have asked to do this.

Intra NHS Information Sharing NHS Scotland policy

3rd party info eg family history or info coming from an identifiable
family member – may itself be confidential, even if in patient’s
record, so 3rd parties should be told if their identity might be
revealed, and given opportunity to decline.

Beware use of automated reports for insurance etc, where only minimum
necessary info is appropriate, and would be wrong to disclose more
than that.

Option to opt out of data analysis emphasized – not clear how this
would be done.

Training seen as tick box rather than education.

£100 000 fine for Aberdeen city council for a home worker accidentally uploading files regarding vulnerable children to an online file store.  A fine has never been issued for formal sharing of information.  “Blagging” is also an issue, where a 3rd party obtains information by ostensibly acting as a healthcare professional or family member.
Guidance from 2003 still applies – obtain confirmation of identity (or
phone number etc) from second source.  If breach occurs, individual
should be informed.

See also Data Protection for Caldicott principles etc.

Child Protection

Scottish Government’s Sharing Information about Children at Risk: A Guide to Good Practice (2003) states:-

“If there is reasonable concern that a child may be at risk of harm this will always override a professional or agency requirement to keep information confidential. All professionals and service providers have a responsibility to act to make sure that a child whose safety or welfare may be at risk is protected from harm.”

The National Guidance for Child Protection in Scotland (2014) states:

Harm‟ means the ill treatment or the impairment of the health or development of the child, including, for example, impairment suffered as a result of seeing or hearing the ill treatment of another. In this context, ‟development‟ can mean physical, intellectual, emotional, social or behavioural development and ‟health‟ can mean physical or mental health.”

Recent advice has also been received from the Scottish Government, having consulted with the Information Commissioner’s Office, regarding the impact of GDPR and the Data Protection Act 2018 in this area.  The Information Commissioner’s Officer has confirmed:

“It is important that those whose work brings them into contact with children and young people continue to share child protection concerns in the same way as they did previously. Child protection matters at the significant harm level equate to sharing/processing being necessary to protect the vital interests of the child where reliance on consent may be prejudicial to that purpose. The same lawful purposes are provided for in Articles 6:1(b) and 9:2(c) of the GDPR for personal and special category data so nothing has changed at that level”.

It is important to be open and transparent and make people aware that we will share information when we suspect a child or young person is at risk of harm. It is also important to record any decision to share or not to share information and reasons for doing so.

Relevant Acts/Policies

* Human Rights Act 1998

* Freedom of Information (Scotland) Act 2002

* NHSS Code of Practice on Protecting Patient Confidentiality.

* NHSS Information Governance standards 2005

Note that Scotland leads patient data protection with Fairwarning software.