Patients should have control over their data – there should not be any surprises
Patients should have the right to choose whether or not their personal and/or clinical data is processed (including but not restricted to, uploading to databases, shared, accessed and so on). Explicit informed consent should be required BEFORE any personal or clinical data can be added to databases or other means of storing or sharing data. Automatic opt-in should not be allowed to avoid patients being surprised to find out that their data is being processed for any purpose other than the specific purpose they were provided for.
IT should not drive patients' rights – patients need to be in control of their data. Going to your GP should not be a worry as to whether your data is going to end up on some database that you are not aware of, or that some researcher is going to be able to trawl through your records without your consent. This is not acceptable.
This applies to all data processing possibilities concerning patient data (personal and clinical). To help to avoid surprises and to ensure that patients are kept fully informed of any processing of their data (and to ensure that only processing that has been consented to is taking place), patients should be provided with a regular list of all potential forms of data processing possible regarding their data together with a list of any processing that they have currently consented to.
Why does this idea matter?
It is vital that patients are in control of their data and are fully aware of how it is being processed. Patients at the moment are often ignorant of the fact their personal and clinical data is processed for all sorts of purposes not directly related to providing them with health or medical care. It often comes as a surprise for patients to discover their (identifiable and also anonymised) data is accessible to researchers, auditors and others. No-one should have access to patient data without the patient (or the person acting for them legally) giving informed consent first.
We need to preserve trust between patients and their GP or other health professionals. If personal and clinical data is processed without patient knowledge or even against patient wishes then the whole system of confidentiality is lost including trust. Without trust the healthcare system breaks down – patients who cannot trust their health professionals do not seek treatment or delay seeking treatment, patients who are concerned about confidentiality or lack of trust may not be open with their GP and others and therefore the potential success of any diagnosis or treatment is put at risk. And this ultimately is not good for the patient (or those providing treatment).
Providing patients with regular information about what they have consented to regarding processing of their data ensures that they are kept fully informed and they can review and update their consent choices if they wish.