NHS hospitals have quietly created banks of DNA from blood taken from millions of newborn babies without the proper consent of their parents.Freedom of information (FOI) requests to hospitals around Britain have established that the blood samples, taken in heel-prick tests to screen for serious conditions, have been privately stored by parts of the NHS since 1984.

According to guidance obtained by The Sunday Times, the DNA can be looked at by police, coroners and some medical researchers. They are able to identify named individuals.

This weekend Andrew Lansley, the health secretary, was under pressure to order an inquiry into why the NHS appeared to have acted without securing proper consent from parents.

Mothers of newborns are given a leaflet that academic experts say fails to make clear the distinction between consent for vital clinical tests to safeguard a baby’s health and for the use of the baby’s DNA in medical research and police inquiries.

Dr Helen Wallace, director of GeneWatch, a pressure group, said: “Giving mothers a leaflet does not amount to informed consent. No one who has just given birth is in a state to understand the full implications of how their baby’s genome might be used in future.”

The standard leaflet simply explains that the stored blood samples can be used “for research to help improve the health of babies and their families in the UK”.

Up to 4m samples are being held at four of the 16 centres licensed to hold newborns’ bloodspots in the UK, according to the FOI responses. More than 700,000 babies are screened each year.

The police and coroners can apply for access to the infant blood samples, which contain individual DNA, to identify people involved in crimes.

Private medical companies and researchers working for the NHS are also able to access the samples, although most of the research is anonymous and done by the NHS after approval by an ethics committee. The bloodspots have been used for genetic research and mass screening for diseases such as HIV in babies’ mothers.

The UK Newborn Screening Programme Centre, which oversees the use of samples, says that some of the bloodspots can be linked to other information, such as hospital admission records, which identifies the individual.

Government guidance says the bloodspots should be kept for at least five years, but hospitals vary widely in their practices.

Central Manchester University Hospitals Trust has 1m samples in storage dating from 1984. About 250,000 further samples are stored in the hospital’s laboratory. It plans to store them indefinitely.

Cambridge University Hospitals Trust retains samples for 18 years. It stores 400,000 samples at Endex archives in Ipswich, with a further 62,800 samples kept in hospital labs.

Great Ormond Street hospital in London began storing samples in 1990 and preserves them for at least 20 years. It screens and stores the samples of about 120,000 babies a year.

It confirmed that it had occasionally handed samples to coroners but not to the police.

Alder Hey children’s hospital in Liverpool, which was at the centre of a scandal over the retention of children’s organs, has 145,000 samples in storage. It receives about 29,000 samples per year. It destroys all samples after five years.

Dr Jane Kaye, director of the centre for health, law and emerging technologies at Oxford University, said: “It is very difficult to get samples like this to do public health screening. It is an enormous resource. But the problem is that this needs to be done properly and with proper consent. At the moment people are not being asked to sign a consent form or make a distinction between what is for their own child’s health and the fact that this may be used for other purposes.”

The samples are taken from babies, aged 5-8 days, to test for conditions such as sickle cell disorders, cystic fibrosis and phenylketonuria.

Shami Chakrabarti, director of Liberty, the pressure group, said that hospitals might face legal claims.

“As someone who gave consent for my own baby to be tested, I’m horrified that anyone would breach my trust, keep my child’s sample for years on end and use it for all sorts of extraneous purposes.

“If they think that thrusting a leaflet in an exhausted new mother’s hand creates informed consent, they can look forward to a flurry of claims under article 8 of the Human Rights Act.

“Liberty is writing to the new health secretary to ask for an urgent investigation.”

From: http://www.timesonline.co.uk/tol/news/uk/health/article7134061.ece

The NHS is sending millions of patient records and confidential medical notes to India for processing — despite a pledge by Labour that personal information would not be sent overseas.
It is the first time that databases of names, addresses and NHS numbers of patients have been sent abroad, along with private information about medical appointments.

NHS managers, under pressure to cut costs, are implementing the changes despite warnings about poor security in some offshore centres.

The Sunday Times has identified seven primary care trusts in northeast London, serving more than 1.5m people, that have begun to send patient details overseas. The databases are administered by about 200 workers in Pune, western India.

Although companies handling the records in India said security was “paramount”, there is a risk of patients being identified if the NHS numbers are matched with anonymised clinical notes carrying NHS numbers, already being sent to India by more than 30 trusts.

Typically, a set of clinical notes will be based on a consultant’s findings during a session with a patient, which he will read into a voice recorder during or after the appointment.

The recording is then transferred to a computer and sent to India, where it is transcribed. One source involved in processing the information said patient names can crop up during the appointment and may then inadvertently be included with the clinical data.

Workers in India are also producing letters for patients with appointments for cervical smear tests and breast screenings.

Pilot schemes for NHS offshore transcription services began more than four years ago and have rapidly expanded. The Royal Free hospital in London, the Derby hospitals trust and the Newham University hospital trust are among those sending clinical notes overseas.

Labour ministers have been anxious to allay concerns about the confidentiality of patient information since the launch of a £12 billion scheme to computerise health records.

In January 2007 Caroline Flint, then health minister, told parliament the project would “expressly preclude the transfer of patient information outside the United Kingdom”.

Trusts, however, believe they may send patient information outside the UK if it does not come under the electronic records project.

John Hemming, the Liberal Democrat MP for Birmingham Yardley and an expert on IT projects, said: “Given the government’s track record of losing data in this country, it is worrying that data are being sent overseas. Every transfer of information adds to the risk of it being lost.”

The possible risks of transferring patient data overseas were exposed last year when undercover reporters from ITV1’s Tonight programme were able to buy health records from a private hospital in London, processed in India. The sellers claimed to have access to thousands of UK medical records.

The transfer of primary care trust records is being handled by NHS Shared Business Services, a joint venture between the Department of Health and the IT company Steria.

From: http://www.timesonline.co.uk/tol/life_and_style/health/article7086816.ece

Health Direct urges you to opt out of labour’s snoopers charter- whilst you still can!

The NHS reported the highest number of serious data breaches of any UK organisation since the end of 2007, the Information Commissioner’s Office says.

David Smith, deputy commissioner at the ICO told the Infosec security conference the NHS had highlighted 287 breaches to it in the period.

That accounts for more than 30% of the total number reported.

The NHS – the UK’s largest employer with 1.7m staff – has only started the process of rolling out digital patient records.

Most of the breaches (113) were the result of stolen data or hardware, followed by 82 cases of lost data or hardware.

Mr Smith said the problems were not confined to the public sector and that results could be skewed because the public sector has a culture of reporting all breaches whereas not all private sector firms did.

Richard Vautrey, the deputy chair of the British Medical Association’s GPs committee thinks the number of breaches reflect the size and complexity of the NHS as well as its culture of openness.

“So many people have access to data and often human error is to blame. There is an increased attempt to be open and honest about what happens to data,” he said.

He added that he was not aware of a specific case where a data breach had affected patient privacy or care.

“We need to keep their breaches in perspective,” he said.

As part of its plans to digitise patient records, the NHS is asking patients if they want their data stored on national databases. It is important that people are given the chance to opt out, said Mr Vautrey.

Currently the reporting procedure for data breaches in the UK is voluntary although the ICO is “moving towards” a compulsory system.

In April the ICO introduced fines of up to £500,000 for serious data breaches.

The European Union’s Telecoms Package requires telecom firms to report data breaches and Mr Smith said he expected this requirement to expand beyond telcos.

Data encryption firm PGP welcomed the tough new approach to data security.

“Finally the ICO, which has long demanded greater powers, will be able to severely punish those in serious breach of the Data Protection Act. For too long, organisations have continued to ignore the warning signs – risking both the privacy of their customers and the reputations of their brands,” said Jamie Cowper, European marketing director at PGP.

He anticipates “severe fines” for the next private sector company to be involved in a serious data breach although he does not imagine the ICO will pursue the NHS.

PGP calculated that data breaches cost companies, on average, £67 per piece of data lost.

From:

http://news.bbc.co.uk/1/hi/technology/10089066.stm

Health Direct asks- given that the NHS has the worst record of data security and that labour politicans have already sent 250,000 political letters to cancer sufferers- are you CERTAIN that your medical records will be safe on the Snoopers Charter database? If not OPT OUT NOW- whilst you still can!

The National Health Service’s £12.7bn scheme to create an electronic patient record will “no longer provide the comprehensive solution” originally promised, says a top NHS executive.

Until now, health ministers and officials have acknowledged that the world’s biggest civilian information technology project is running four to five years late, and have said they want to make £600m savings on the £4bn-plus worth of contracts held by CSC and BT to deliver it.

Up to now, however, no one has conceded that the programme will fail to deliver everything that was promised back in 2003 when the contracts were signed.

Following a revamped deal with BT – the London supplier, which has cut £112m or about 12 per cent off its contract – Ruth Carnall, the chief executive of the London strategic health authority, has said the spending reduction means “it will no longer be possible to provide the comprehensive solution that was anticipated in 2003″.

Not all NHS organisations in London will now receive the software needed to deliver the records, Ms Carnall makes clear in a letter to London chief executives.

Meanwhile, Christine Connelly, the health department’s chief information officer, has said that only about half of London’s 32 big acute trusts will now get the full solution. Others will be able to add clinical systems to existing patient administration systems.

In place of a dedicated means of sharing records across hospitals, and between hospitals and primary care – a key goal of the programme – London will have to rely on the national summary care record, Ms Carnall says. However, this contains little other than allergies and current medication, and does not yet carry referral or discharge information.

On top of this, the Tories have said they will scrap the national record if they win the election.

BT will no longer have to deliver new systems to London’s ambulance service or GP practices. And London can afford to pay for Map of Medicine, a decision support tool for treating patients, for only one more year, says Ms Carnall.

In much of the country, installations in acute hospitals are stalled after CSC missed a deadline to get its solution running at Morecambe Bay NHS Trust. The supplier risks being fired, but is likely to sign a similar, more restricted, deal if it does hit a new deadline for a successful installation.

Glyn Hayes, president of the UK Council for Health Informatics Professions, said it had been clear for some time that the programme was to be reduced. “But this is the first official admission that there are things it will not do that it was intended to do.”

It was unclear, he said, whether the Conservatives would in fact scrap the national record if they won. “But if they do, it knocks a hole in London’s plans,” because without it the capital had no easy means of transferring patient information between settings.

From: http://www.ft.com/cms/s/0/fba8e660-436d-11df-833f-00144feab49a.html

Labour was caught up in a new row over its use of personal data after emailing NHS professionals using their work addresses to ask for their support.

The move emerged after the party had been criticised for delivering campaign leaflets on the party’s cancer policy to 250,000 women, some of whom had the disease.

The postcards, produced by Tangent, which works for the Labour Party, said that the Tories would scrap a Labour guarantee that patients would see a cancer specialist within two weeks.

One of those who received the latest communication, a doctor, has complained that senior Labour figures are trying to pressure her into publicly backing the party against her will.

Labour is trying to organise a round robin letter from senior figures in the NHS saying that only Labour can be trusted to look after the health service.

The Twickenham GP, whose name has been withheld for fear of retribution, contacted the Conservatives in fury at the attempt to make her sign a petition.

The GP expressed concern that Amy Fowler, a development officer for the Labour Party, obtained her work e-mail address, which she claimed is not publicly available.

The petition that the doctor was being asked to sign, which is likely to have been forwarded to a newspaper, committed members of the health service to explicitly backing Labour.

It says: “We are a group of clinicians, staff and campaigners working in and with the NHS. Every day, every week, we see first-hand the quality of care which the NHS gives to patients when they need it most. At this election we are backing Labour as the party of the NHS which will do the most to improve it for all patients.

“There is more to do to improve the NHS, but it is this Labour Government which has shown commitment to the NHS by investing in more doctors, nurses, more services and new hospitals and GP practices. It is Labour who are making the tough decisions that will allow our NHS to be protected in the future from spending cuts which would harm patient care. And only Labour are prepared to put patients first, for example with guarantees to rapid access to cancer specialists and cancer tests.

“For these reasons we believe only Labour can be trusted to protect and improve our NHS at this election.” The e-mail came from Martin Rathfelder, from the Socialist Health Association, but was signed by Ms Fowler.

The GP said: “[This was] totally unsolicited by me. I have never been to any socialist events and would not mix my personal views with work. He says he got it from a list of trainers which is possible. I feel this is an absolute abuse of a publicly funded service. Don’t know anyone who would have nominated me.”

She added: “I am angry that they have e-mailed me at my work e-mail address and would very much like to know how they have obtained confidential NHS e-mail addresses. You might be interested to investigate a. where they obtained these addresses [and] b. whether it is appropriate to use the addresses in this party political way. Needless to say I do not support the petition!”

Paul Beresford, the Tory MP who represents the doctor, said: “This is a grossly unfair attempt by the Labour Party to draw NHS clinicians into political campaigning. They feel under threat of blacklisting if they do not sign up.” Andrew Lansley, the Shadow Health Secretary, said: “The Labour Party need to explain how they have received these NHS e-mail addresses. If they are using the NHS private e-mail system to reach NHS staff for party political campaigning it is an abuse.

“We know from recent research that NHS staff support the Conservatives and not Labour because we are now more trusted to improve the NHS.”

Mr Lansley has written to Andy Burnham, the Health Secretary, to demand that he apologises for the cancer postcards. He said: “Cancer sufferers across the country have condemned Labour’s scaremongering breast cancer leaflets, but still Gordon Brown and Andy Burnham refuse to apologise.”

When asked where he got the address, Mr Rathfelder replied that he obtained it “from a list of training practices”. However the GP said “I still feel it is an abuse of the NHS.”

From: http://www.timesonline.co.uk/tol/news/politics/article7095225.ece

Bereaved families are being told that organs were removed from their loved ones without consent after a blunder affecting Britain’s donor register.

The records of 800,000 people were affected by an error that meant their wishes about the use of their organs after death were wrongly recorded.

An investigation has found that 45 of those for whom wrong records were stored have since died – and in approximately 20 cases organs were taken where consent had not been given.

Donors can give permission for any of their organs to be taken, or provide more specific agreements. A glitch in the IT system more than a decade ago removed the distinctions expressed by people.

Many donors have strong views about what can be taken. Often consent is not given for eyes to be removed, while some people who agree to donate organs are uncomfortable with the idea of their body tissue being used in research.

Joyce Robins, from the pressure group Patient Concern said: “This Government has got an absolutely dreadful record when it comes to data, but it is absolutely horrific that such sensitive details were handled in such a careless way.”

The NHS is about to contact approximately 20 families who allowed organs to be taken from their relations after being misinformed about what consent had previously been given.

It is illegal to remove organs without prior consent from the person who died or their next of kin.

A view is sought from relations before decisions are taken. In the cases where errors were made, it is understood that families were asked for permission, but their decisions were based on misinformation about the wishes of their relations.

After detecting the fault last year, NHS Blood and Transplant, which holds the organ donation register, was able to correct 400,000 of the flawed records. But 400,000 more people will shortly be contacted to be told that the wrong information may be held about them, and asked to provide consent again.

Until fresh consent is obtained, organs will not be taken from any of those people in the event of death.

The error occurred in 1999, when data held by the Driver and Vehicle Licensing Agency, which includes a request for consent in applications for a driving licence, was transferred to the organ registry.

The mistake came to light when NHS Blood and Transplant (NHSBT) wrote letters to new donors thanking them for joining the register, and outlining what they had agreed to donate. Respondents wrote back to say the information was wrong.

A spokesman for NHS Blood and Transplant, said: “We are taking it very seriously and are urgently investigating the situation.”

From: http://www.telegraph.co.uk/Organs-removed-without-consent-after-IT-blunder

The biggest single supplier to the £12bn NHS NPfIT white elephant programme is on the brink of being fired from a key part of its contract after failing to meet a deadline to install systems at hospitals in the north west.

CSC, which holds the contract for two-thirds of England, missed the deadline to get the Lorenzo electronic medical record product up and running at the Morecambe Bay NHS Trust’s hospitals.

CSC originally said the system would go live almost two years ago, in June 2008.

The failure is the latest crisis for the much-troubled programme which is running at least four or five years late.

CSC and BT, which covers London, had each been given a deadline to get new systems running smoothly in a big, acute, hospital, with the Department of Health warning last year that it would “look at alternative approaches” if that failed to happen.

BT has since installed a system at Kingston Hospital to the health department’s satisfaction. Christine Connelly, the department’s chief information officer, said it now needs to go through a due process under its contract with CSC which could yet see a new deadline set and met.

But if progress is not made, she told the Financial Times, the department has the option of cancelling CSC’s contract to install the systems in acute hospitals and letting hospitals choose from other suppliers.

Morecambe Bay, she said, remained keen to continue and under the contract CSC has to be given time to propose a fresh deadline for deployment, with the programme then assessing the credibility of that and whether to agree it.

“We have to walk through this step by step,” Ms Connelly said. “In a contract as large and complex as this we cannot just set a deadline and say that’s it. We have to act responsibly and not expose the department and the taxpayer to risk.”

But, she warned bluntly, “we cannot wait for ever”.

CSC has contracts worth about £3.3bn to install hospital, community, mental health and GP systems, with the latter elements progressing much better.

But Ms Connelly said if CSC’s plan was not credible the NHS had the option of cancelling the acute hospital part of the deal, thought to be worth around £1bn. CSC did not respond to attempts to contact it last night.

BT, having hit its deadline, has agreed a contract variation, signed yesterday, which the department said would save the NHS £112m, or about 12 per cent of the contract value, as part of the £600m savings the health service is seeking on the programme as a whole.

As part of the deal, BT is now signed up to install much fewer full systems in London, with about half the hospitals likely to add clinical systems to their existing IT arrangements, rather than replacing everything, Ms Connelly said.

Allowing hospitals to choose other suppliers is already starting to happen in the south of England, although the first contracts for that have yet to be signed. That should start to take place from May this year, she said.

From: http://www.ft.com/cms/s/0/6a9f7ee2-3d26-11df-b81b-00144feabdc0.html

Some patients will not be warned before their private records are put on a controversial NHS database because confidential letters offering them the chance to opt out have gone astray, health officials admitted.

Around nine million patients are due to receive letters this month asking whether they wish to stop their medical records being transferred onto the £11 million system, but officials said the sheer scale of the project has made errors inevitable.

Patients should be notified 12 weeks before their records go live, but the NHS admitted that people scattered across three counties in the North East have not been informed because their confidential letters were sent to the wrong addresses.

The Summary Care Records system, which will eventually hold the medical details of more than 50 million patients, has been dogged by fears that the private information it stores will never be safe from hackers and data losses.

Deepa Shah of NHS Connecting for Health, which manages the database, said: “It’s very difficult not to make mistakes when you are mailing nine million people. It’s a shame that a handful of letters have gone missing, but it would be very difficult for us to monitor ever single one.”

Patients in Hertfordshire, Cambridgeshire and Norfolk have received letters addressed to the wrong person in the same envelope as their own letter.

NHS Connecting for Health claimed the error was confined to the North East, but inside sources said letters had also gone missing across Trafford in the North West.

The extent of the error, which occurred when staff began stuffing envelopes manually after machinery broke down, is unknown, but 25 cases of duplicate letters have already been reported.

Officials at the Central Office for Information, which manages Government mail-outs, said they would inform patients whose letters had been sent to the wrong address of the mistake.

But they admitted that none of at least 25 cases discovered by The Daily Telegraph had been reported directly to them, raising fears that many more letters may have gone astray without officials realising.

Lateral Group, the private company contracted by the Central Office for Information to carry out the mail-out, did not respond to questions about the number of letters that had been lost. A spokeswoman for the NHS said the company had taken the error “very seriously”.

At present 1.29 million people have had their details placed on the system and a further 8.9 million records are due to be added by June. By the end of next year, the NHS hopes to have more than 50 million uploaded.

The system is designed to link about 30,000 GPs to 300 hospitals, providing access to an online appointments system and electronic prescriptions.

The labour Government says patients would be able to access their own records online and will be asked before health care staff view their information.

But The Daily Telegraph disclosed on Wednesday that the British Medical Association had written to ministers to give warning that records are being placed on the database without patients’ knowledge or consent.

The chairman of the Association called for the project to be suspended amid claims that the Government is rushing it through before the Conservatives have a chance to cancel it if they win the General Election.

Hamish Meldrum wrote: “The breakneck speed with which this programme is being implemented is of huge concern.

“Patients’ right to opt out is crucial, and it is extremely alarming that records are apparently being created without them being aware of it.”

He warned that people were not receiving their letters because they were being sent to the wrong addresses and many patients who have received them are unsure of what they mean.

Some patients have also complained of being made to answer a series of personal questions before being allowed to opt out of having their confidential records placed on the database.

Staff on the Summary Care Records helpline are told to ask a person’s name, address, date of birth, ethnic group and whether they work for the NHS before agreeing to send them an opt-out form.

Chris Mannering, a 57-year-old housewife from Sussex, said: “It’s intimidating when you’re told that all you have to do is ring the number and ask for a form, and in fact you are interrogated. It made me very cross.”

Dr Katherine Murphy, director of the Patients’ Association, said: “There is a real danger that an initiative that will benefit patients is going to turn into the usual complete mess. Many patients are rightly concerned about their confidentiality and consent and if there is even the slightest impression that this is being pushed through it will generate a feeling of mistrust.

“People who might otherwise have consented could end up opting out which would be the last thing everybody wants.”

A spokeswoman for the Central Office for Information said: “As soon as we became aware [of the mistake] the contractor acted promptly to put in place additional quality checks to safeguard against a repeat of the issue. We remain committed to patient confidentiality and the local NHS will write to those affected to apologise and provide reassurance.”

She added that the letters do not themselves contain any confidential medical information, although they do contain names, addresses and details of the GP surgeries attended by the individuals concerned.

From:
http://www.telegraph.co.uk/health/healthnews/Patients-will-not-be-warned-before-medical-records-go-online-after-vital-letters-lost