Intended for healthcare professionals

Information In Practice

Privacy in clinical information systems in secondary careCommentary: Let's discuss wider social and professional issuesCommentary: Organisational and cultural aspects are also important

BMJ 1999; 318 doi: (Published 15 May 1999) Cite this as: BMJ 1999;318:1328

Privacy in clinical information systems in secondary care

  1. Ian Denley, senior analysta,
  2. Simon Weston Smith, consultant haematologist (
  1. aSystem C, Maidstone ME14 1SR
  2. bConquest Hospital, St Leonard's on Sea TN37 7RD
  1. Correspondence to: Dr Weston Smith
  • Accepted 23 October 1998

Two years ago Sunday Times reporters were able to gain access to the private medical records of Dr Sandy Macara by paying a small fee to a commercial agency. As computerised clinical information systems that are capable of holding large amounts of high quality information become more widespread in NHS trusts, the privacy of patient information is becoming an increasingly important issue. Lack of privacy can be damaging to both the patient and the organisation concerned. For example, Barber cites the following problems1:

  • Personal safety

  • Infringement of personal privacy

  • Loss of public confidence in the organisation (such as an NHS trust)

  • Failure to meet legal obligations

  • Financial loss and disruption of activities.

In the BMA consultation document Security in Clinical Information Systems Anderson identifies nine principles governing the design of a clinical information system meeting the requirements for patient privacy.2 Doubts have been raised about the feasibility of adopting the code for governing access to patients' electronic records in secondary care. Our experience is that the principles are achievable.

This article is based on our experience of a large scale clinical information system in use in three British hospitals—Conquest Hospital, Hastings; Aintree Hospital, Liverpool; and Royal Devon and Exeter Hospital, Exeter. We describe the approach taken to ensuring control over access to confidential patient information on the basis of expected relationships between staff and patients.

Summary points

  • The electronic patient record threatens to make private health information readily available for misuse

  • Principles can be applied to the electronic patient record to maximise privacy, but professionals in healthcare information technology have been reluctant to adopt these principles on the basis that they would be expensive to implement and unwieldy to maintain

  • Failure to adopt adequate security may prove to be even more expensive, however

  • Fundamental to patient privacy is the …

View Full Text