'We must be reassured that patients' records will be protected appropriately'

HM Revenue and Customs last week lost the details of 25 million people. Steve McNally looks at the implications for the planned database of medical records for 50 million NHS patients in England

In December 2003, the then health secretary John Reid announced a plan for everyone in England to have an individual electronic NHS care record by 2010.

Fast-forward to November 2007. A government department has lost two CDs containing the confidential details of 25 million people – half of the English population. It seems that the disks were due to be posted to the National Audit Office a month earlier and have not been seen since. The police and the Information Commissioner's Office are investigating. Those affected include 15.5 million children whose personal details are on the disks, 7.25 million child benefit claimants – whose bank account details are at risk, and 2.25 million spouses or partners of claimants.

It is thought that the greatest danger arising from this fiasco is of identity fraud, whereby the victim's name and address are used to apply for credit. A criminal with access to information such as a child's date of birth, child benefit number, claimant's national insurance number and bank account details could phone the bank posing as the claimant and saying they are unable to remember their password.

How does this catastrophic blow to public confidence fit with the proposal to create a national database of patients' records? This is a rhetorical question, of course, since serious concerns had already been expressed about the records' vulnerability prior to this debacle. It was recently reported that almost two-thirds of GPs intend to boycott the scheme.

Suspicion appears to be widespread among GPs that sensitive personal data could be stolen by hackers and blackmailers. Responses to a recent online poll of 1,000 doctors indicated that 59% of GPs in England would be unwilling to upload any record without the patient's consent. In one anonymous response, a GP wondered whether 'the innermost secrets of our politicians, actors and personalities' would be 'revealed to all and sundry'.

A further 30% of respondents were 'unsure' while 11% thought they were likely to comply with the government's proposal.

Nurses may also have grave concerns about the implementation of the scheme. The key mission of the NMC is public protection. Indeed, our profession (and code of conduct) places an emphasis on consent and confidentiality, which may not be compatible with an electronic patient record unless it is secure.

Consider this scenario: at a GP practice supporting say, 10,000 patients, a file goes missing. The number of people with access to the file would be small, possibly 10–15 individuals. The potential does exist for confidentiality to be compromised but this is limited. In an electronic care record system for England, 50 million patient records would be accessible to tens of thousands of health and social care professionals.

The figure of 300,000 staff approved for access has been suggested. This represents a colossal increase in the potential for breaches of confidentiality. What would be the consequence of this vast database, or part of it, being accessed by an unauthorised individual?

On a positive note, a proposed benefit of the electronic record is that patients would have access to all their healthcare information at a central point and could be more involved in making decisions about their own care and treatment. A trial in the Bolton area, where fewer than 1% of patients opted out, has involved placing 50,000 records onto a database. It has made information, such as details of medication and allergies, available to doctors providing out-of-hours care. 

We are in the era of electronic government but, for a database of such sensitive information to work, health professionals including nurses need to be reassured that patients' records are protected appropriately. Patients must have confidence in the system before any scheme can proceed nationally. In the jargon, the 'system architecture' must be robust. Even then, specific consent should be obtained from patients before any information is uploaded. Nurses cannot support this scheme without the assurance of effective safeguards to protect the public.

Steve McNally, PhD, is a registered nurse (learning disabilities, mental health)

Do you agree with the opinions expressed in this article? Have your say on nursingtimes.net by clicking on Forums