Patients should be able to access to all their hospital, community and social service records within the next 10 years, but governance of this information must be improved, concludes a government-commissioned review of data sharing and protection. 

The review, carried out by Dame Fiona Caldicott, also recommended that patients are able to trace who has accessed their information along an ‘audit trail’, and called for stricter handling of any data breaches.

Penalties for breaches, it said, should be administered via the Information Commissioner's Office, which is able to impose civil monetary fines of up £500,000 and potentially criminal prosecution for serious breaches of the Data Protection Act.

"Data sharing is vital for patient safety, quality and integrated care," Dame Fiona stressed, but clinicians have lost confidence about "when it is safe to share information and the safeguards that are required for sharing".

“A re-balancing of sharing and protecting information is urgently needed in the patients’ and service users’ interests," she said, adding that there is "clearly an urgent and ongoing need for education and training in this area for staff, and also for patients and service users".

Effective sharing of patient information has "enormous potential to improve patient care, services and treatments", but can only be done effectively "if patients are given a say over how their personal information is used," said health secretary Jeremy Hunt, responding to the review.

Opting out

The government is due to make a formal response to the stream of recommendations in the report in the Summer, but Hunt did say that patients not wanting their personal data within their GP record to be shared with the Health and Social Care Information Centre will have their objection respected.

And if this personal data has already been shared the patient will still be able to have the identifiable information removed, he noted.

"I firmly believe that technology can transform the quality of healthcare in this country, but we must always respect the fact that this is very personal information about an individual," Hunt said.

Mike Farrar, chief executive of the NHS Confederation, which is undertaking a major piece of work to reduce the unsustainable burden of information collection the NHS is subject to, agrees there is "a clear need" to strike the right balance between sharing and protecting patient information, and welcomed the call for "regulation of information governance to be balanced and proportionate, and to make use of existing means rather than imposing new requirements".

The Department of Health also announced that Dame Fiona will chair an independent panel to oversee and scrutinise implementation of the review’s recommendations and to provide advice on information governance issues.

And it will be down to British Medical Association, NHS England and the Royal College of GPs to raise public awareness of the changes and how any objections can be lodged, as well as help inform GPs of their role in the process, it said.