Page last updated at 19:53 GMT, Thursday, 29 November 2007

Fears over NHS patients' records

Matthew Hill
Health correspondent, BBC West

Hospital patient
Patient confidentiality has been breached several times

Patients' confidential medical records are regularly being accessed by people who have no right to them, research by the BBC has revealed.

Figures obtained under the Freedom of Information Act reveal that in the last year there have been several data security breaches in the West.

Confidential medical records should only ever be seen by doctors and nurses who are working with the patient concerned, with the government spending some £13bn to digitise the medical records of every patient in Britain.

By 2010, the NHS Care Records scheme aims to have an electronic NHS Care Record for all patients.

The record will detail the key treatments and care given to each of the NHS's 50 million patients.

An employer of a relatively small computer supplier to the NHS was looking up information about one of his relatives
Dr Harry Yoxall
But in the last year there have been incidents in Gloucester and Cheltenham where staff have shared passwords, giving unauthorised people access to confidential records.

At Bath's Royal United Hospital the same type of breach took place while breaches of security also took place in Swindon and Bristol.

The North Bristol NHS Trust has reported catching a member of staff looking at friends' records, although they were just issued with a warning.

The NHS electronic patients' record has an electronic audit trail built into the system that shows who has accessed what record, how and why, and for how long. Any pattern of unusual activity can be flagged-up and appropriate action taken.

Medical records

Somerset GP Dr Harry Yoxall told of two instances he encountered where records were accessed by inappropriate people.

"On the first occasion an employer of a relatively small computer supplier to the NHS was looking up information about one of his relatives by getting access to a GP medical records system," he said.

"Then an employee of a hospital trust was using his access to their medical system to look up information about one of his relatives."

One campaigner from the pressure group Opt Out is encouraging people to remove themselves from the database system.

Helen Wilkinson said: "My concerns are that they need to put more stringent safeguards in place and also that they need to consider, perhaps, smaller local databases that actually link up, but with explicit patient consent, so that would put the patient in control."

Richard Caves of the South West Strategic Health Authority said: "I am confident that a trust - where it suspects an individual member of his own staff as having unauthorised access to a record - that trusts will be able to take measures to track that down."

Print Sponsor


The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific