NHS records 'could be hacked'

Doctors are concerned about the security of patient records

Doctors in Scotland are calling for security guarantees over plans to put patients' health records on an NHS intranet system.

Critics of the plan claim that computer hackers could gain access to highly confidential information if the scheme went ahead.

The Scottish Executive said it would not introduce the system until it was convinced it was "totally secure".

Scotland will be the first part of Britain to take part in the experiment which will be used by doctors, pharmacists and patients themselves.

Susan Deacon: Plans to phase in the system by 2003

Scottish Health Minister Susan Deacon plans to phase in the system by 2003, which could also lead to patients carrying their health records on a "smart card".

The records will be held on NHSnet, the secure internet system used by health staff, but its security has been questioned.

Dr Kenneth Harden, chair of the Scottish GP committee of the British Medical Association, told the Mail on Sunday newspaper that doctors would not hand over the records unless their security could be guaranteed and patients had given their consent.

Dr Harden also said that there were "major concerns" that information relating to a patient's sexual history or treatment for mental illness could become public property.

Dr Harden: Major concerns

Scottish Tory health spokeswoman Mary Scanlon also questioned the scheme.

She said: "This is, in general, a good idea, but the implementation has to be right.

"There is nothing about the record of the NHS in Scotland in introducing computer systems which fills me with confidence and one only has to look at scandals in the past, such as the failings of the various screening programmes, as proof.

"These documents are documents that most of us want to remain totally private."

Internet expert Mark Shaw said that the information would become a target for "hackers and crackers".

Totally secure

There have been a number of high profile hacking cases in recent years with Barclays bank and the Pentagon among the victims.

However, a spokesman for the Scottish Executive said that the system would not be introduced unless they were confident that it was secure.

He said: "We have a commitment to develop electronic health records but there is no suggestion at all that we will be putting them on the internet.

"The records will be electronic so that those authorised can gain access when they need to.

"Absolutely nothing would be done unless we were convinced that it was totally secure."