Report urges widespread reform of handling of NHS data

BMJ 1997; 315 doi: (Published 13 December 1997) Cite this as: BMJ 1997;315:1559
  1. Douglas Carnall
  1. BMJ

    Personal health data flow freely from clinical to administrative settings in the NHS, and action is required to ensure confidentiality, says an independent review group chaired by Dame Fiona Caldicott.

    Dame Fiona, principal of Somerville College, Oxford, and a past president of the Royal College of Psychiatrists, was asked to lead the review after the BMA advised doctors not to cooperate in the development of the NHS “net” two years ago. This followed concerns about the increased potential for breaches of security in an already vulnerable system.

    In the review, investigators mapped 86 flows of patient identifiable information for non-clinical use in the NHS, and found that, although all flows were justified, there was “variable awareness” of the requirement for confidentiality outside the clinical setting and a need to reduce information that can identify individuals to a minimum.

    Information technology professionals privately admit that the current NHS systems are vulnerable to external breaches by hackers and to unauthorised use of data by internal staff. One trust's information technology director said: “It's only a matter of time, before, say, the names of all the women in Yorkshire taking the pill are published on the internet.”


    Personal health data often flows freely within the


    The report makes 16 recommendations designed to increase awareness of the problem, agree national frameworks and protocols, and implement technical safeguards such as replacing patients' names and addresses with the NHS number. Health organisations should nominate a senior health professional to act as the guardian of patient confidentiality, and an accreditation system will encourage good practice. A steering group will be set up to develop the administrative framework governing access to confidential patient information and to look at technical ways of protecting patient confidentiality.

    Dr Sandy Macara, chairman of the BMA's council, expressed delight that the department had recognised doctors' concerns at the threat to privacy posed by the increasing use of information technology. “There is still much to be done, but we can all now see where the start line is.” But Dr Fleur Fisher of the Campaign for Medical Privacy said: “The professions are generating personal data that can flow in any direction. Two years after the BMA first dug its heels in, we still have databases built in an unacceptable and unethical way.”

    View Abstract

    Sign in

    Log in through your institution

    Free trial

    Register for a free trial to to receive unlimited access to all content on for 14 days.
    Sign up for a free trial