Clinicians warn CRS will damage confidentiality
- 14 July 2006
Concerns about the negative impact that the planned national database of patient records, the NHS Care Record Service national record, will have on patient confidentiality have been voiced by frontline doctors,
Writing in the British Medical Journal several doctors set out their concerns about the impact on patient confidentiality of the creation one database containing the records of all 50 million people in England. A source of particular concern is that this database will be accessible by all NHS staff.
Michael Foley, a consultant anaesthetist at James Cook University Hospital, Middlesbrough, said that the electronic patient record system was “a direct and serious threat to patient confidentiality”. He argued that passwords to existing patient records were sometimes shared and computer screens left on in open view.
Foley writes: “The electronic patient record, whatever its political or bureaucratic attractions, is intrinsically incompatible with a confidential relationship between doctor and patient and we should advise our patients of this.”
He warns that workers in hospitals or general practice surgeries might seek inappropriate access to medical records because of curiosity or malice, commercial gain, or simple error.
"If screens are left on in open areas or passwords compromised, tracing of access for disciplinary purposes would be difficult. If challenged after a breach of security one could argue that data were requested accidentally. I occasionally enter a wrong number into the radiology viewing system and see unwanted images. Such errors are inevitable."
Trainee doctor Amir Ismir said that in his experience patient confidentiality was often already being compromised as doctors frequently share passwords for electronic patient records and hospital computer systems as it is difficult and often time consuming to attain their own passwords, particularly for locum doctors.
Anthony Winston, a consultant in eating disorders at Warwick University, said patients should have the right to choose whether their medical details are added to the database.
Dr Paul Cundy, Joint chair Joint IT Committee of the General Practitioners Committee and the Royal College of General Practitioners, said the need to obtain active consent from patients for their record to be shared and accessed was fundamental.
“The key is that patients and clinicians must have confidence that information will be secure and shared only with patient consent,” said Dr Cundy.