By Jane Ashley
Health reporter, BBC News
Big Brother Watch said the system was "wide open for abuse"
At least 100,000 non-medical staff in NHS trusts have access to confidential patient records, claim campaigners.
Big Brother Watch, who based the figure on 151 responses from trusts, said it demonstrated "slack security".
The group says hospital domestics, porters, and IT staff are among those with access to records in some trusts.
The Department of Health says the report muddles paper files and the newer electronic systems for which access will be strictly controlled.
Big Brother Watch asked every NHS Trust in the UK for the number of their non-medical staff who had access to confidential patient records.
Access was defined as being able to see at least a patient's full name, date of birth and most recent medical history. No distinction was made between paper and electronic files.
The responses showed that 101,272 non-medical staff had access to records. This was an average of 732 in each trust.
Of the 194 trusts in the UK, 43 did not disclose any information or provide enough detail to be included in these figures.
Big Brother Watch says this demonstrates "slack security and monitoring around those with access to patient medical histories".
Its director, Alex Deane, said: "The number of non-medical personnel with access to confidential medical records leaves the system wide open for abuse.
"Whilst Big Brother Watch has considered emergency, necessity and practicality concerns, we believe it is necessary to drastically reduce the number of people with access to medical records to prevent the high rate of data loss experienced by the NHS."
The government is currently rolling out a medical records database for patients in England. It hopes to have 50 million records on the system by 2014.
A Department of Health spokesman said the report was "confused" and had muddled paper files, which potentially allow any member of staff to see confidential information, and new electronic systems which strictly control access to those directly involved in a patient's healthcare.
"We have set clear standards for NHS organisations to adhere to on data handling, and have issued guidance that sets out the steps they must take to ensure records are kept secure and confidential," the spokesman said.
"With the modernisation of NHS IT, access to electronic records is controlled by smartcards which allows all access to be tracked and audited so that, unlike paper files, any abuse can be traced and dealt with.
"When managed properly, it is not possible for an unauthorised member of staff to see clinical information."
The Information Commissioner's Office said it was vital that medical records remained private and that information was kept secure, accurate and up-to-date.
David Smith, Deputy Information Commissioner, said: "The NHS must ensure that robust criteria are applied to ensure the numbers of people who have access to medical records are kept to a minimum."
"We will study the report carefully and will not hesitate to make our own inquiries with the NHS if further action is required," he added.
Need to know
The trust with the highest number of non-medical staff with access was Sandwell and West Birmingham, with 2,487.
It spokesman, Nick Howells, said its figure was high because it had included health care support workers, who are not qualified nurses but work in frontline patient care.
He said the report failed to recognise that many people who work behind the scenes, like medical secretaries, pharmacy workers and clerical workers in areas of bed management need access to patient records in order to run the hospital.
"The Trust does take its responsibility to protect the confidentiality of patient notes seriously and, for all of those who have access to patient notes, that access is controlled so there are different levels of access on a need-to-know basis," he added.
Big Brother Watch is a group which campaigns on privacy issues and was set up by the founders of the TaxPayers' Alliance.