Every NHS patient will carry their medical records with them in a ‘patient passport’ in the NHS app under new plans unveiled by health secretary Wes Streeting.
The app will store medical records digitally in one place, meaning that GPs, hospitals and ambulance services can access information quickly so experts can find the right treatment faster. It will, according to the government, speed up patient care, reduce the need for repeated medical tests and cut down the number of patients being given the wrong medication.
The health secretary is launching a consultation with a view to transforming the NHS from ‘analogue to digital’ over the next ten years. New laws will be introduced on Wednesday to make patient health records available across different NHS Trusts in England.
What does the NHS app do now?
The NHS app allows patients to book hospital appointments, book GP appointments and order repeat prescriptions.
It stores GP records about patients, helping to speed up treatment, but at present practices have to enable this and older historic information is not available.
Patients can also book online consultations and send secure messages to healthcare professionals.
The app became popular during the COVID pandemic due to its use as an NHS COVID Pass.
By September 2022, 30 million people had signed up to use the app, which is available free to anyone aged 13 or over and registered with a GP practice.
How does Labour want to change it?
The new app will include ‘Patient Passports’, which will consolidate all data about a patient in one place – from test results to letters from GPs.
This means that patients can be given the right treatment faster, compared to the current system where records are held on paper.
Part of this is ‘Unified Health Records’, which will make patient health records available across all NHS trusts in England.
The Department of Health and Social Care said of the proposals: “It will put patients in control of their own medical history, meaning they don’t have to repeat it at every appointment, and that staff have the full picture of patients’ health. New laws are set to be introduced to make NHS patient health records available across all NHS trusts, GP surgeries and ambulance services in England.”
Labour has said it hopes this change will switch the NHS from ‘analogue’ to ‘digital’, meaning that doctors and consultants waste less time on admin, and patients can access the right care faster.
What are the risks?
Privacy groups have warned that the new app puts patients at risk of hacking, and that private medical data might be sold to drug companies.
Privacy campaign group medConfidential said that patient records will be accessible by any of the NHS’s 1.5 million staff, not just people with a legitimate interest in seeing it, such as a GP.
In the past few years, medical staff have accessed the records of celebrities including Ed Sheeran, Sir Alex Ferguson and Catherine, Princess of Wales.
Privacy expert Jamie Akhtar, Co-founder and CEO at CyberSmart said, “Wes Streeting’s proposal aims to create a centralised database that could compromise your medical privacy. Your personal medical records, which are currently managed by healthcare professionals, would instead be under the control of politicians, who might decide to sell this sensitive information to the highest bidder.
“This plan could be a serious risk to your privacy, potentially making it easier for individuals with ill intentions to misuse NHS systems to access confidential information meant only for your doctor. The government has yet to show any real effort to put in place strong measures to stop such breaches.
‘More NatWest than Star Trek’
NHS organisations are already a frequent target for ransomware attacks, and digitised patient records would be a highly valuable target for cyber attackers.
Another potential concern is reliability, with apps such as banking apps having high-profile failures in recent years – although the NHS says that the current app has 99.98% availability.
Health minister Stephen Kinnock said that the Government will take a “common sense” approach to balancing privacy and the benefits of a single patient record.
Speaking to BBC Radio 4’s Today programme on Monday, he said, “In the end, if we don’t modernise the NHS to make it more efficient and productive, you can have the best data protection rules in the world, but you’re not going to have a health and care system that actually works.”
“You’ve got to have a system that works and that enables the hugely important interface between GPs, hospitals and patients and to create that single patient record, that has to be balanced against watertight data protection, and that is the balance that we’re going to strike.
“But if you constantly just say, we can’t do this because of data protection concerns, you’re just going to have the status quo going on and on and on, and you’re going to have a system that doesn’t work, frustrated patients, frustrated staff.”
Kinnock described the Government’s plan as being similar to using online banking apps, and said the idea was “more NatWest than it is Star Trek”.
He said that the large data sets held by the NHS would enable it to work ‘hand in hand’ with companies in the life sciences sector to raise funds by using anonymised patient data to power research, while maintaining privacy.
Javvad Malik, lead security awareness advocate at security firm KnowBe4 told Yahoo News: “Overall this is a welcome move to consolidate and digitise patient records. But, putting all your eggs in a digital basket is not without risk. Data transformation projects come with their own risks when migrating data and protecting it adequately.
“Cybersecurity, in this context, isn’t just a technical issue but a deeply ethical one, affecting real lives and real privacy. The government’s commitment to introducing robust safeguards in forthcoming legislation is indeed a step in the right direction.
“The ‘cast iron guarantee’ on security, as mentioned by Stephen Kinnock will need to be just that – impervious and unbreakable, protecting patients’ data from potential exploits and misuse. This can’t be achieved through technical controls alone. It requires a culture of cybersecurity to be embedded throughout the NHS and its partners and for all its staff to be successful.”
