Page last updated at 01:19 GMT, Friday, 26 March 2010

Non-medical staff 'have access to health records'

By Jane Ashley
Health reporter, BBC News

Patient records
Big Brother Watch said the system was "wide open for abuse"

At least 100,000 non-medical staff in NHS trusts have access to confidential patient records, claim campaigners.

Big Brother Watch, who based the figure on 151 responses from trusts, said it demonstrated "slack security".

The group says hospital domestics, porters, and IT staff are among those with access to records in some trusts.

The Department of Health says the report muddles paper files and the newer electronic systems for which access will be strictly controlled.

Big Brother Watch asked every NHS Trust in the UK for the number of their non-medical staff who had access to confidential patient records.

The number of non-medical personnel with access to confidential medical records leaves the system wide open for abuse.
Alex Deane, Big Brother Watch

Access was defined as being able to see at least a patient's full name, date of birth and most recent medical history. No distinction was made between paper and electronic files.

The responses showed that 101,272 non-medical staff had access to records. This was an average of 732 in each trust.

Of the 194 trusts in the UK, 43 did not disclose any information or provide enough detail to be included in these figures.

Big Brother Watch says this demonstrates "slack security and monitoring around those with access to patient medical histories".

Data concerns

Its director, Alex Deane, said: "The number of non-medical personnel with access to confidential medical records leaves the system wide open for abuse.

"Whilst Big Brother Watch has considered emergency, necessity and practicality concerns, we believe it is necessary to drastically reduce the number of people with access to medical records to prevent the high rate of data loss experienced by the NHS."

The government is currently rolling out a medical records database for patients in England. It hopes to have 50 million records on the system by 2014.


A Department of Health spokesman said the report was "confused" and had muddled paper files, which potentially allow any member of staff to see confidential information, and new electronic systems which strictly control access to those directly involved in a patient's healthcare.

"We have set clear standards for NHS organisations to adhere to on data handling, and have issued guidance that sets out the steps they must take to ensure records are kept secure and confidential," the spokesman said.

"With the modernisation of NHS IT, access to electronic records is controlled by smartcards which allows all access to be tracked and audited so that, unlike paper files, any abuse can be traced and dealt with.

"When managed properly, it is not possible for an unauthorised member of staff to see clinical information."

We have made it very clear that it is completely unacceptable for staff with no involvement in providing and supporting patient care to access confidential information.
Department of Health spokesman

The Information Commissioner's Office said it was vital that medical records remained private and that information was kept secure, accurate and up-to-date.

David Smith, Deputy Information Commissioner, said: "The NHS must ensure that robust criteria are applied to ensure the numbers of people who have access to medical records are kept to a minimum."

"We will study the report carefully and will not hesitate to make our own inquiries with the NHS if further action is required," he added.

Need to know

The trust with the highest number of non-medical staff with access was Sandwell and West Birmingham, with 2,487.

It spokesman, Nick Howells, said its figure was high because it had included health care support workers, who are not qualified nurses but work in frontline patient care.

He said the report failed to recognise that many people who work behind the scenes, like medical secretaries, pharmacy workers and clerical workers in areas of bed management need access to patient records in order to run the hospital.

"The Trust does take its responsibility to protect the confidentiality of patient notes seriously and, for all of those who have access to patient notes, that access is controlled so there are different levels of access on a need-to-know basis," he added.

Big Brother Watch is a group which campaigns on privacy issues and was set up by the founders of the TaxPayers' Alliance.

Print Sponsor

The campaign group: Taxpayers' Alliance
03 Mar 08 |  UK Politics
Call to halt NHS medical database
10 Mar 10 |  Health
Q&A: Electronic medical records
10 Mar 10 |  Health

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Sign in

BBC navigation

Copyright © 2016 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific