NHS addresses Euro data-sharing concerns

The NHS has not yet decided whether it will take part in a large-scale pilot involving the sharing of confidential patient details between European countries.

However, following recent criticism of the proposed scheme by security experts, officials administering the National Programme for IT (NPfIT) — the massive health service computerisation project — have claimed the project would ensure privacy and security.

The pilot would take place as part of the Competitiveness and Innovation Framework Programme (CIP), itself part of a massive EU funding drive for research and development, and would involve six countries allowing patients' details to be shared if they were treated outside their home state. The scheme has not yet been approved, but is likely to be agreed upon later this year.

Michael Walker, the director of digital information and health policy at Connecting for Health (CfH — the NHS department responsible for NPfIT), wrote to ZDNet UK on Tuesday insisting that, if it went ahead and the NHS opted in, the pilot would not give UK patients anything to worry about.

"Citizens already move between member states and for various reasons seek healthcare in other states. When they do, relevant and appropriate information is sent between the parties involved with the consent and knowledge of the patients," wrote Walker.

"I cannot emphasise too strongly that no personal data about UK patients will be sent outside the UK other than as permitted by the UK Data Protection Act and with the appropriate knowledge and consent of the patient concerned."

Walker also revealed that CfH "has made no decision on whether to take part in the CIP framework or the proposed pilots", although it had been involved in discussions with the European Commission over the "process and principles" of the scheme. "It is important to emphasise that there is no obligation on NHS CfH to take part in the CIP process," he added.

Despite the fact that participating member states would be responsible for their own security in accessing other countries' systems, "the NHS in England will not allow personal data to be transferred unless there is an equivalent security regime in the destination state", Walker also claimed.

It also appears that this interoperability was built into NPfIT from the start, although the fact had not been widely publicised until now. "NPfIT systems are being built in strict compliance with relevant existing international and European interoperability standards expressly to ensure that the NHS in England will, when necessary and appropriate, be able to exchange information with other health administrations," wrote Walker on Tuesday, while suggesting that it would be impossible to calculate any additional costs arising from interoperability testing "until NHS CfH has seen the call for proposals, and made a decision on whether to take part".

Walker described the types of information that could be shared under the scheme as including "basic demographic information, allergies or critical pre-existing conditions (eg diabetes), and current medications", but stressed that the plan was still "at a very early stage".

Meanwhile, a spokesperson for the British Medical Association (BMA) told ZDNet UK last week that it would be "premature to look at how the English system would link up with EU systems" when medical systems in England, Wales and Scotland were not yet interoperable, adding that "we need to get our own systems in place first".

Critics of NPfIT itself have regularly questioned technical and other aspects of the programme, which is the largest civilian IT project in history. However, the NHS has repeatedly rebuffed calls for an independent review.