
An NHS trust at the forefront of work on the £12.7bn NHS
IT scheme has called in police after a breach of smartcard security
compromised the confidentiality of hundreds of electronic
records.
Patients in Hull have expressed their dismay that an
unauthorised NHS employee has accessed their confidential records;
and the local primary care trust, NHS Hull, says it is "shocked" at
the breach of security by a member of staff who has since left.
Details of the breach emerged as health officials in London
were, in an unrelated event, telling journalists about the start
of a roll-out of electronic records across London, as part of the
National Programme for IT [NPfIT].
The roll-out is part of plans by the Department of Health to
create for 50 million people in England an electronic "summary"
medical record on a central database run by BT.
But doctors say that the breach of security at NHS Hull shows
that an insider with a smartcard can access confidential electronic
records without authorisation, if the person is determined to do
so.
They say that this will deepen the scepticism of some doctors
that centrally-held medical records will remain confidential under
the NPfIT.
Before the advent of NPfIT central databases, individual medical
records were retained by GPs or by NHS trusts in specific
areas.
GP Paul Cundy, a former spokesman on GP IT for the British
Medical Association, said of the Hull incident: "This
confidentiality breach, in one of Connecting for Health's showcase
systems, highlights the inherent dangers of the Summary Care Record
and all shared record systems. This is alarming news, but precisely
what was predicted."
Kath Tanfield, a director at NHS Hull who is in charge of IT,
says: "It is shocking to us that an individual who takes on a
public service role and who agrees to abide by strict
confidentiality agreements should go on to abuse their position and
violate patients' rights to privacy".
Hull has been working with NHS Connecting for Health and the
NPfIT since 2004, in part on implementing a shared electronic
health record.
NHS Hull has also been working with Connecting for Health on the
pseudonymisation of the controversial Secondary Uses Service - in
which identifiable health records are partially anonymised so they
can be used for research purposes by non-medical staff.
Hundreds of millions of patient records have been uploaded to
the Secondary Uses Service database.
NHS Hull, in a joint presentation with NHS CfH, has conceded in
the past that the security of pseudonymised data represents a
potential data problem.
In the security breach, an employee was authorised to use
collated and anonymised patient data during the course of the
person's day-to-day work, but was not authorised to access
individual patient records.
After the person left, however, NHS Hull discovered that the
person "inappropriately accessed identifiable medical records". The
trust says: "A total of 358 patients [registered at] GP practices
have been affected by this."
The trust has written to the patients whose records were looked
at. It says it is cooperating fully with a police investigation
which is now underway.