Clinical system security: interim guidelines
BMJ 1996; 312 doi: https://doi.org/10.1136/bmj.312.7023.109 (Published 13 January 1996) Cite this as: BMJ 1996;312:109
- Ross Anderson, lecturer [a]
- [a] Computer Laboratory, University of Cambridge, Cambridge CB2 3QG
The BMA asked Ross Anderson to draw up interim guidelines on maintaining security in computerised patient information systems. We publish them here together with the principles on which they are based. The guidelines are designed to help clinicians avoid the most common serious mistakes in computer security and are being published to stimulate discussion of the issues. The principles are discussed fully in “Security in Clinical Information Systems,” which is available from the BMA (Dr Fleur Fisher, Department of Ethics, Science, and Information).
Recent articles have illustrated several threats to the confidentiality of personal health information. Many medical records can be easily obtained by private detectives, who typically telephone a general practice, family health services authority, or hospital and pretend to be the secretary of a doctor giving emergency treatment to the person who is the subject of the investigation. One article found that most patients' personal health information could be compromised in this way and was routinely sold by agencies for as little as £150 [1, 2]. Nationwide health networking is also seen as a further threat to confidentiality because health records will be available to many more people. These interim guidelines have therefore been drawn up to help tackle the pressing short term concerns; they are supplementary to existing documentation such as The Handbook of Information Security [3].
The main threat to the confidentiality of clinical records is carelessness about telephone inquiries of the kind described above. This threat may be largely eliminated if staff follow a number of common sense rules that the best practices have used for years and that are now agreed by the NHS Executive. Whether records are computerised or not, these rules of best practice can be summed up as: clinician-consent-call back-care-commit:
only a clinician should release personal health information. It should …