This site is intended for health professionals only

Private number

Private number

|

Clinical leaders need to scrutinise their figures but a piece of legislation which prevents them from checking hospital invoices has made this difficult

The story of 2013 that never quite hit the public consciousness is that an estimated £750 million of NHS money per year is potentially being wasted because of the inability of clinical commissioning groups (CCGs) to check hospital invoices thoroughly. It’s called ‘the section 251 problem’, and it all revolves around confidentiality.

Before April 2013, primary care trusts (PCTs) checked the accuracy of secondary care invoices by using acute invoice validation software, passing on the patient’s NHS number to the practice so that it could identify the relevant patient and check the invoice against clinical information received from the hospital. In the past, up to 25% of these invoices proved incorrect, though the actual level varied greatly from hospital to hospital. Mostly these inaccuracies were due to human error, and occurred because of the large numbers of potential traps involved in the complex process of clinical coding.

But when the Health and Social Care Act came in, PCTs’ rights to access medical information for commissioning purposes weren’t transferred across to CCGs under the continuing legal framework (section 251). Indeed, it is now an offence with very significant financial penalties for any software firm or NHS body to use patient confidential data (PCD) for commissioning purposes.

Immediately this created an enormous problem. Although CCGs can do most, if not all, of their commissioning and contract management work without PCD, they also have a duty to check invoices sent to them. From 1 April 2013 they could neither do it themselves, nor pass onto the GP the identity of the individual to whom each invoice related. 

So how do CCGs and practices now check the invoices? In a word, they can’t (at least, not beyond the most basic tests, such as a female operation apparently performed on a male patient).

What’s the problem?

At heart the problem is simple. Although the national NHS number, unique to each patient, is intended to act as the sole identifier of that patient across the whole of the NHS, the recently updated Caldicott guidelines now suggest that non-medical managers shouldn’t be using PCD for commissioning purposes, other than in restricted and well defined surroundings called Accredited Safe Havens, which to begin with were largely not in place, and didn’t at first involve CCGs. 

Immediately, this undermined the whole concept of a single national identifier within the NHS, to be used for everything. (The irony is that the Caldicott 2 report also introduced a new duty — of sharing clinical information appropriately, and not withholding it).

Some failed solutions

Clearly this new situation presented CCGs with a huge problem. One possible solution was to pseudonymise the NHS number so that staff in CCGs couldn’t identify the patient to which each invoice referred, but when that invoice’s information was passed to the GP there would be tools to de-pseudonymise the NHS number. That sounded a fantastic idea – except that practices didn’t have any de-pseudonymisation tools.

The newest idea is to avoid using the NHS number altogether. The latest guidance (only just released, and only related to non-contracted activity which is not the main bulk of the CCG’s cost/activity base) is that it is now deemed acceptable to use purely local identifiers such as the hospital number for the purposes of commissioning. 

At first this seems like a solution — except that for the last two decades the NHS has been trying to get both primary and secondary care to rely entirely on the NHS number and cease using local hospital numbers. Because of this, few GPs now record the hospital number in their software — and at least one of the major primary care systems has no search facility for them. Without the NHS number, date of birth or name, about the only way GPs will be able to match an individual patient with the data from SUS (secondary use services) is by opening a patient’s scanned hospital letter and looking for the hospital number. As, on its own, a hospital number passed to a GP could relate to any of the 6,600 patients in the average practice, each invoice is going to take a long time to check… which, as practices typically have just a week to do all that month’s invoices, is just not practical. It’s a good example of trying to solve a problem with an inelegant and time-consuming workaround rather than fixing it at source. 

Getting to the bottom of the problem

As a clinician, I’m extremely careful to keep medical information confidential. That’s how it is, and that’s how it should remain. Nevertheless, most patients assume that their personal medical information will be shared with other healthcare professionals who have a clinical relationship with that patient. I’m sure that patients also accept that this sharing of information needs to extend to checking the accuracy of the organisational and financial aspects of their care under the NHS. (After all, this is what happens when they go privately, isn’t it?) So I think that the real answer here — which fulfils the need for a simple, elegant, non-time-wasting solution — is to have a single identifier for each patient; recognise that there is both a clinical and an organisational/financial/probity need to tie this in with PCD; and for the NHS to get on with creating mechanisms to do this which don’t involve time-consuming workarounds.

The recommendations just released include plans for the development of a controlled environment for finance (CEfF) within commissioning support units (CSUs) and CCGs to allow PCD to be used with complete probity in all areas. I can only hope that these are set up very quickly. We have already lost nine months: further delays will be highly unwelcome. 

Equal and opposite — the care.data problem

Although the NHS has become over-cautious with PCD, exactly the opposite situation has occurred with the care.data scheme. As from March 2014, the Health & Social Care Information Centre (HSCIC) will be taking copies of all patient records from all practices in England (unless individual patients choose to opt out). Not only that, but these records won’t be anonymised or pseudonymised before being copied. We’ll all have to trust that HSCIC won’t make any mistakes with our (often highly personal) data – though the most intimate details probably aren’t at risk as these tend to be recorded in the free-text, which won’t be uploaded.

Nevertheless, GPs aren’t allowed to stop these uploads from happening. HSCIC has the right to copy this information: this is enshrined in the Health and Social Care Act. After early reluctance on the part of the NHS, individual patients have now been allowed to opt out of the uploading of their data — but GPs have been warned that if too many of their patients opt out then questions will be asked of the practice.

Why should we GPs be bothered? Firstly, as an ethical duty: keeping patients’ medical information confidential is one of the highest duties of our calling — it’s part of the Hippocratic Oath. More mundane — and a lot more recent — is that although we have no option but to allow this data to be copied, in law we still remain the data controllers, legally still responsible for what happens to that data after it has been uploaded (even though we don’t know to who it will be sent, nor how it will be processed).

Despite the strict legal position regarding the right to perform these uploads, in my view, and that of many other clinicians, what NHS England and HSCIC are proposing is ethically suspect and should be halted immediately. The law also needs to be changed so that data controllers are automatically relieved of their responsibilities when the regulations force them to part with the data they are controlling.

There is actually a very simple solution to this whole situation: insist that all personally identifiable medical information is pseudonymised or anonymised before being extracted from practice computers. (And yes, I know it is possible to de-pseudonymise data if you really try hard: but we live in a real world and it is impossible to create a perfect level of anonymity).

At the very least, pseudonymisation at source will ensure that if there is an inadvertent release of information (a stolen laptop, or a bribed or blackmailed HSCIC employee) then to a casual observer the information leaked will be meaningless.

Time is of the essence

The tardiness of NHS England over resolving the section 251 problem has been a source of huge irritation. Requests for definitive guidance fell on deaf ears; indeed, at one stage during the summer it was clear that no one in authority was prepared to commit themselves in writing. 

NHS England also wants us to save £30 billion under the ‘Call to Action’ challenge, criticises CCGs for not balancing the books — and yet still doesn’t provide a workable solution for checking the biggest source of CCG expenditure. 

That these issues have dragged on for so long without permanent resolution is unfortunate, bearing in mind the amount of money at stake. Surely there are more efficient ways to run a health service? 

|

Ads by Google