Intended for healthcare professionals


New guidance aims to protect patient records

BMJ 1996; 312 doi: (Published 16 March 1996) Cite this as: BMJ 1996;312:659

Guidelines on protecting patient information were issued last week by the Department of Health because of the ease with which confidential personal information can nowadays be passed within the NHS, often by computer. The aim is to remind all concerned that there is a legal duty to protect patient confidentiality.

Patient information is protected by the common law duty of confidence and by the Data Protection Act, as well as by ethical duties of confidence. A recently adopted European directive on data protection must be implemented by October 1998.

All NHS organisations are being told to adopt clear policies and procedures on the use and protection of patient information. They are to review their security arrangements by the end of July and implement any remedial action by November. The 24 page guidance, The Protection and Use of Patient Information, deals with the circumstances in which information may be passed on and how to keep patients informed about the ways in which information on them is used.

When anonymised information would be sufficient for a particular purpose, the guidance states that identifiable details should be omitted wherever possible. The document contains a specimen “notice for patients” about their rights and the use of information on them, which may be handed out. A computer security manual is to be issued shortly.—JOHN WARDEN, parliamentary correspondent, BMJ