This is the second time this week that we've had to point out the critical flaws in the security around medical records, which in turn demonstrates why our report Broken Records (which received a typically frosty response from the NHS) was an important contribution to the debate on the issue. From Computerworld UK:
An NHS data quality manager has pleaded guilty to illegally going through patients’ medical records. Dale Trever, 22, allegedly looked at records on 431 occasions. All the records were of female patients.
Furthermore, Trever snooped on records relating to family, friends and colleagues on 336 of these occasions.
Trever accessed the records between October 2008 and June 2009, while working at the Hull Primary Care Trust, sometimes at weekends as well.
At Hull Crown Court, Trever pleaded guilty to seven counts of breaching the Computer Misuse Act 1990 by accessing patients’ medical records without authority.
If we can't trust that hospitals and surgeries will keep our medical records confidential, the whole health system fails. This is exactly why the Summary Care Record is being opposed from various quarters and why many people in Britain feel very upset about its clandestine introduction.
What started as a cautionary tale is now fast becoming an epidemic.
If you don't believe us, just click here and read through a collection of stories we have written about in the past few months that show everyone from local councils to central government departments losing memory sticks, laptops and files of paper holding confidential information. Today's story from the BBC is a perfect example:
East and North Hertfordshire NHS Trust has been found in breach of data protection after a doctor lost a memory stick on a train.
The junior doctor had recorded details of patients' conditions and medication on the device and was meant to hand it over to the next doctor on shift.
But the doctor forgot and lost the unencrypted device on the way home.
Our patient records report Broken Records was decried by the Government of the time for not being relevant. Yet with every serious data breach ruling by the ICO (and there have been a lot in recent months) the number of non-medical - and indeed medical - personnel with unfettered and easy access to our private medical data becomes more and more pertinent.