European judgement casts doubts on NHS CRS consent

  • 25 July 2008

A GP campaigning against the consent model for the NHS Care Records Service (NCRS) claims a European Court of Human Rights judgement reinforces his view that the NHS database is unlawful.

In a judgement published last week the European Court of Human Rights ruled that a nurse in Finland had her right to privacy breached. The nurse had been attending a clinic for treatment of HIV and at the same time was working in a different department of the same hospital. It became apparent that staff in her work department had looked at her computerised medical record and she was denied subsequent employment.

The European Court of Human Rights ruled that there had been a violation of article eight of the European Convention on Human Rights and awarded the nurse compensation.

Dr Paul Thornton, a GP in Warwickshire who has been campaigning against the legality of the NCRS, claims the judgement confirms that health care staff who are not involved in the care of a patient must be unable to access that patient’s electronic medical record.

The court judgement states: “What is required in this connection is practical and effective protection to exclude any possibility of unauthorised access occurring in the first place.”

Dr Thornton said that although the NHS database offers safeguards that were missing in the Finnish case, with access controlled by smartcards, an audit trail of all record accesses and the requirement for staff to have a legitimate relationship with the patient, such mechanisms were not enough to protect patients’ privacy.

He said large numbers of UK staff would be able, although not allowed, to access the records of large numbers of patients who were not under their direct care.

He said: “The judgement is clear that an ‘audit trail’ that would retrospectively identify staff who have accessed records inappropriately does not provide sufficient protection.”

Dr Thornton has lodged a Freedom of Information Act appeal with the Information Commissioner in an attempt to get the Department of Health to release its legal advice on the legal status of the electronic health information stored as part of the NCRS.

He added: “Doctors have grave concerns that the NHS database breaches patient confidentiality. The scenario in this Finnish case exactly illustrates the problems that will arise in the UK.”

Fiona Barr

Links

European Court of Human Rights judgement

Related articles

FoI appeal on summary records legal status

European Court fines Finland for data breach

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

GPs face EMIS IT outage at busiest time of the week

GPs face EMIS IT outage at busiest time of the week

An outage to the EMIS IT system caused “chaos” for GPs in England when access was cut off to appointment booking systems and patient records.
Isle of Wight to launch digital consent platform from Pitchfest finalist

Isle of Wight to launch digital consent platform from Pitchfest finalist

Isle of Wight NHS Trust will launch a digital consent platform created by former Digital Health Rewired Pitchfest finalist Concentric Health.
One in five GPs using AI tools in clinical practice, finds BMJ survey

One in five GPs using AI tools in clinical practice, finds BMJ survey

An online survey of UK GPs by the BMJ has revealed that one in five are using generative AI tools such as ChatGPT in clinical…