This is the second time this week that we've had to point out the critical flaws in the security around medical records, which in turn demonstrates why our report Broken Records (which received a typically frosty response from the NHS) was an important contriubtion to the debate on the issue.
From Computerworld UK:
An NHS data quality manager has pleaded guilty to illegally going through patients’ medical records. Dale Trever, 22, allegedly looked at records on 431 occasions. All the records were of female patients.
Furthermore, Trever snooped on records relating to family, friends and colleagues on 336 of these occasions.
Trever accessed the records between October 2008 and June 2009, while working at the Hull Primary Care Trust, sometimes at weekends as well.
At Hull Crown Court, Trever pleaded guilty to seven counts of breaching the Computer Misuse Act 1990 by accessing patients’ medical records without authority.
If we can't trust that hospitals and surgeries will keep our medical records confidential, the whole health system fails. This is exactly why the Summary Care Record is being opposed from various quarters and why many people in Britain feel very upset about its clandestine introduction.
But will the Coalition listen?
By Dylan Sharpe
No, you are incorrect. The last government specifically said that this wouldn't happen and that there were no privacy concerns with this system... you're not suggesting that the government are a bunch of incompetent clowns who have their heads in the clouds and who talk out of their arses are you?
Posted by: phatboy | 22/09/2010 at 03:59 PM
Why on earth did it take them so long to discover what he was doing? isn't there supposed to be an audit trail system in place to pick this sort of thing up? Another example of the outrageous failings of the NHS and data protection.
Posted by: very concerned | 22/09/2010 at 04:37 PM
Tip of the iceberg I'm sure. I would now never confide any sensitive info to any health professional. What a sorry state of affairs.
Posted by: Dave | 22/09/2010 at 05:07 PM
So if records were kept manually, i.e. on paper, where and how would we be able to trace access to who, why and when records have been viewed? Surely having them computerized is a good thing as long as security is monitored.
Non-Computerized records have a greater risk of being accessed by the wrong people for the wrong reasons.
Records will initially be a summary of medicines and allergies, all sensitive information will have to be approved by the clinician and also the patient; the patient will have the final say of what he/she wants viewable. There will be some exceptions, for example: if a clinician has reasonable evidence that having a summary record is beneficial to the care of the patient then he/she can over write the patient’s choice, (eg. Patients with mental health issues, the welfare of children –especially in child abuse prevention).
Posted by: William Gates | 23/09/2010 at 02:07 PM