NHS patients' records frequently leaks personal data
Patients' confidential medical records are regularly being accessed by people who have no right to them, research by the BBC has revealed. Figures obtained under the Freedom of Information Act reveal that in the last year there have been several data security breaches in the West of England.
Confidential medical records should only ever be seen by doctors and nurses who are working with the patient concerned, with the government spending some £13bn to digitise the medical records of every patient in Britain.
By 2010, the NHS Care Records scheme aims to have an electronic NHS Care Record for all patients.
The record will detail the key treatments and care given to each of the NHS's 50 million patients.
But in the last year there have been incidents in Gloucester and Cheltenham where staff have shared passwords, giving unauthorised people access to confidential records.
At Bath's Royal United Hospital the same type of breach took place while breaches of security also took place in Swindon and Bristol.
The North Bristol NHS Trust has reported catching a member of staff looking at friends' records, although they were just issued with a warning.
The NHS electronic patients' record has an electronic audit trail built into the system that shows who has accessed what record, how and why, and for how long. Any pattern of unusual activity can be flagged-up and appropriate action taken.
Somerset GP Dr Harry Yoxall told of two instances he encountered where records were accessed by inappropriate people.
"On the first occasion an employer of a relatively small computer supplier to the NHS was looking up information about one of his relatives by getting access to a GP medical records system," he said.
"Then an employee of a hospital trust was using his access to their medical system to look up information about one of his relatives."
One campaigner from the pressure group NHS Confidential Opt Out is encouraging people to remove themselves from the database system.
Helen Wilkinson said: "My concerns are that they need to put more stringent safeguards in place and also that they need to consider, perhaps, smaller local databases that actually link up, but with explicit patient consent, so that would put the patient in control."
Richard Caves of the South West Strategic Health Authority said: "I am confident that a trust - where it suspects an individual member of his own staff as having unauthorised access to a record - that trusts will be able to take measures to track that down."
From:
http://news.bbc.co.uk/1/hi/england/bristol/7119075.stm
NHS database will weaken patient security MPs learn was posted by Health Direct on Thu 22 Nov 2007- The man in charge of setting up the NHS medical records database has admitted that "you cannot stop the wicked doing wicked things" with information. Richard Jeavons, director of IT implementation at the Department of Health, said there were instances where staff "abuse their privileges".
These had to be "pursued", he told the Commons home affairs committee. The plan to put 50 million patients' records on the database is part of a £12bn NHS IT overhaul.
The scheme has raised concerns over cost and the security of information.
A poll for the Guardian suggests that 59% of GPs in England are unwilling to upload any record onto the database without the patient's specific consent.
Three quarters of more than 1,000 doctors questioned believed medical details would become less secure when they are put on a database that will eventually be used by the NHS and social services.
Government chief information officer John Suffolk told the MPs that setting up a nationwide database going across Whitehall departments and other government agencies would create more problems.
He said: "When you work at a national scale, to continue to put more eggs in a single basket is a foolhardy approach."
Mr Suffolk added: "The more and more you put it into a large database, with more and more people having access, it becomes more complex...
"If we can avoid setting up large-scale citizens' databases, that would be a wise thing to do."
Health Direct asks if you are still 100% confident that labour will keep all of your medical data secure?
Confidential medical records should only ever be seen by doctors and nurses who are working with the patient concerned, with the government spending some £13bn to digitise the medical records of every patient in Britain.
By 2010, the NHS Care Records scheme aims to have an electronic NHS Care Record for all patients.
The record will detail the key treatments and care given to each of the NHS's 50 million patients.
But in the last year there have been incidents in Gloucester and Cheltenham where staff have shared passwords, giving unauthorised people access to confidential records.
At Bath's Royal United Hospital the same type of breach took place while breaches of security also took place in Swindon and Bristol.
The North Bristol NHS Trust has reported catching a member of staff looking at friends' records, although they were just issued with a warning.
The NHS electronic patients' record has an electronic audit trail built into the system that shows who has accessed what record, how and why, and for how long. Any pattern of unusual activity can be flagged-up and appropriate action taken.
Somerset GP Dr Harry Yoxall told of two instances he encountered where records were accessed by inappropriate people.
"On the first occasion an employer of a relatively small computer supplier to the NHS was looking up information about one of his relatives by getting access to a GP medical records system," he said.
"Then an employee of a hospital trust was using his access to their medical system to look up information about one of his relatives."
One campaigner from the pressure group NHS Confidential Opt Out is encouraging people to remove themselves from the database system.
Helen Wilkinson said: "My concerns are that they need to put more stringent safeguards in place and also that they need to consider, perhaps, smaller local databases that actually link up, but with explicit patient consent, so that would put the patient in control."
Richard Caves of the South West Strategic Health Authority said: "I am confident that a trust - where it suspects an individual member of his own staff as having unauthorised access to a record - that trusts will be able to take measures to track that down."
From:
http://news.bbc.co.uk/1/hi/england/bristol/7119075.stm
NHS database will weaken patient security MPs learn was posted by Health Direct on Thu 22 Nov 2007- The man in charge of setting up the NHS medical records database has admitted that "you cannot stop the wicked doing wicked things" with information. Richard Jeavons, director of IT implementation at the Department of Health, said there were instances where staff "abuse their privileges".
These had to be "pursued", he told the Commons home affairs committee. The plan to put 50 million patients' records on the database is part of a £12bn NHS IT overhaul.
The scheme has raised concerns over cost and the security of information.
A poll for the Guardian suggests that 59% of GPs in England are unwilling to upload any record onto the database without the patient's specific consent.
Three quarters of more than 1,000 doctors questioned believed medical details would become less secure when they are put on a database that will eventually be used by the NHS and social services.
Government chief information officer John Suffolk told the MPs that setting up a nationwide database going across Whitehall departments and other government agencies would create more problems.
He said: "When you work at a national scale, to continue to put more eggs in a single basket is a foolhardy approach."
Mr Suffolk added: "The more and more you put it into a large database, with more and more people having access, it becomes more complex...
"If we can avoid setting up large-scale citizens' databases, that would be a wise thing to do."
Health Direct asks if you are still 100% confident that labour will keep all of your medical data secure?
Labels: data-privacy, health direct, IT disaster, NHS Opt Out, Patients' Association
posted by Dr Search- Principal Consultant at the Search Clinic at
10:37 AM
0 Comments:
Post a Comment
<< Home