NHS-wide networking and patient confidentialityBMJ 1995; 311 doi: https://doi.org/10.1136/bmj.311.6996.5 (Published 01 July 1995) Cite this as: BMJ 1995;311:5
- Ross Anderson
- Senior research associate Computer Security Group, Computer Laboratory, University of Cambridge, Cambridge CB2 3QG
Britain seems headed for a poor solution
The NHS is spending a nine figure sum on building a nationwide computer network, with the aim of making access to administrative and health records easier. For example, if a patient from another part of the country comes into a surgery complaining of abdominal pain, states that it is a recurrence of a chronic complaint, but is unable to say what, then online access to his or her records would be convenient and might occasionally save life.
But wider access brings with it a problem that the NHS has ignored--the threat of aggregation. At present, hospitals make do with relatively little security; after all, not many people will walk into a ward and steal a file from the note trolley. But once the records are aggregated into a database covering tens of millions of patients, that database will be a major target for data thieves, blackmailers, and others with less than altruistic motives. Evidence for this comes from the military, the banking industry, and the American health care system.
Firstly, soldiers know that if you gather a lot of information together then the collection may be …