vigilant.tv

The Foundation for Information Policy Research says public servants with access to National Health Service database provide as many as 200,000 patient records per year to investigators making requests under false pretenses. Nothing has been done to rectify the problem since a BMA report recommended changes in 1996.

Current NHS strategy is focused on creating a central electronic patient record. There is already a "clearing" database that records payments made for all hospital treatment, along with the names and addresses of patients. Other medical databases available to ministers and civil servants contain enough information to identify the vast majority of the patients. FIPR believes that making this information available to so many NHS administrators and civil servants is unethical and will lead to growing abuse.

FIPR recommends that the NHS should instead concentrate on preventing existing abuse. For example, the British Medical Association recommended in 1996 that telephone requests to a health authority or provider for patient information should be logged, approved by a clinician and then authenticated by calling back to a telephone number in the NHS directory. A pilot of this scheme in one health authority exposed 30 phone calls per week made under false pretences. This suggests that over 200,000 attempts are made every year to get health information on patients, by investigators who call up pretending to be doctors or administrators. Most of these attempts currently succeed. Yet with the basic telephone discipline tested in the pilot scheme, the great majority of them could be stopped. But instead of extending this scheme across the country, NHS managers shelved it.

- FIPR, NHS Systems Fail to Protect Patient Confidentiality.

See also The Register, NHS patient privacy? What patient privacy!.