NPfIT security warning after NHS staff view celebrity record

This a longer version of an article published in Computer Weekly and on

An NHS primary care trust has warned of a new risk to the confidentiality of medical records stored under the National Programme for IT [NPfIT] after a celebrity was admitted into hospital and more than 50 staff viewed the patient’s records.

The warning by North Tees Primary Care Trust raises questions about whether hundreds of thousands of NHS staff who would be able to view electronic records under the NPfIT would have their accesses to information policed robustly.

Systems that support electronic patient records – a central part of the NPfIT – produce audit trails of who has accessed what information. But it’s unclear whether busy NHS employees would have adequate time to police audit trails

And Computer Weekly has published evidence of a culture in the NHS that is incompatible with tight lax security. Smartcards have been shared so that busy doctors can share PCs without having to log on and off each time. This means it can prove difficult to establish who has accessed confidential patient information.

North Tees Primary Care Trust says that the unauthorised access by staff of patient records presents a “new security risk” under the Department of Health’s Care Record Guarantee – which gives an undertaking to patients that their confidential data will be protected from unauthorised access.

The trust says in a paper to the Board:

“A new security risk … has been identified as part of the Care Records Guarantee. This risk is around staff inappropriately accessing [a] patient’s records who are not part of their care load. It was noted in an audit that a recent admission of a celebrity to a hospital had revealed over 50 staff viewing the patient record… Staff should only access records of patients with whom they have a legitimate relationship.”

The document paper adds that trusts have to demonstrate that regular audits are undertaken and that they have “disciplinary procedures in place to deal with breaches”.

If staff wanted to access the medical records of a well-known individual or anyone else they were interested in, the risk with paper-based medical records would be smaller because the files would ordinarily be held in one location, and may not be accessible remotely. It’s unlikely that dozens of staff could view a paper record without drawing attention to themselves.

Evidence on the security risks of electronic records was submitted to the House of Commons’ Health Committee by the UK Computing Research Committee, which is an expert panel of the British Computer Society, the Institution of of Engineering and Technology and IT-related scientists.

It said: “As a general principle, a single system accessible by all NHS employees from all trusts maximises rather than minimises the risk of a security breach. It increases … the opportunity for access to any one patient’s data from some point on the extended system… it is important that a formal analysis is carried out to identify risks and show that they have been reduced as low as reasonably practicable.”

A spokesman for North Tees Primary Care Trust said the accessing of a celebrity’s records took place elsewhere, not within the trust. The spokesman was unable to give any details of the incident or where it took place.


Smartcard sharing by an NHS trust – a breach of IT security or a practical way around slow access to the NHS Care Records Service?

Care Record Guarantee [for example on the confidentiality of patient data]

Loss of 1.3 million sensitive medical files in the US – possible implications for the NHS’s National Programme for IT

Department of Health and Connecting for Health security flaws

Major reports on NHS and NPfIT

Evidence submitted by UK Computing Research Committee to the Health Committee on the Electronic Patient Record

Report raises further NPfIT concerns – British Computer Society [Security]