Privacy in clinical information systems in secondary care
Commentary: Let's discuss wider social and professional issues
Commentary: Organisational and cultural aspects are also important
BMJ 1999; 318 doi: https://doi.org/10.1136/bmj.318.7194.1328 (Published 15 May 1999) Cite this as: BMJ 1999;318:1328
- Ian Denley, senior analyst (a)
- Simon Weston Smith, consultant haematologist (email@example.com) (b)
- (a) System C, Maidstone ME14 1SR
- (b) Conquest Hospital, St Leonard's on Sea TN37 7RD
- Correspondence to: Dr Weston Smith
- Accepted 23 October 1998
Two years ago Sunday Times reporters were able to gain access to the private medical records of Dr Sandy Macara by paying a small fee to a commercial agency. As computerised clinical information systems that are capable of holding large amounts of high quality information become more widespread in NHS trusts, the privacy of patient information is becoming an increasingly important issue. Lack of privacy can be damaging to both the patient and the organisation concerned. For example, Barber cites the following problems [1]:
- Infringement of personal privacy
- Loss of public confidence in the organisation (such as an NHS trust)
- Failure to meet legal obligations
- Financial loss and disruption of activities.
In the BMA consultation document "Security in Clinical Information Systems", Anderson identifies nine principles governing the design of a clinical information system that meets the requirements for patient privacy [2]. Doubts have been raised about the feasibility of adopting the code for governing access to patients' electronic records in secondary care. Our experience is that the principles are achievable.
This article is based on our experience of a large scale clinical information system in use in three British hospitals—Conquest Hospital, Hastings; Aintree Hospital, Liverpool; and Royal Devon and Exeter Hospital, Exeter. We describe the approach taken to ensuring control over access to confidential patient information on the basis of expected relationships between staff and patients.
- The electronic patient record threatens to make private health information readily available for misuse
- Principles can be applied to the electronic patient record to maximise privacy, but professionals in healthcare information technology have been reluctant to adopt these principles on the basis that they would be expensive to implement and unwieldy to maintain
- Failure to adopt adequate security may prove to be even more expensive, however
Fundamental to patient privacy is the …