Electronic data protection: procedures need drastic improvementBMJ 2005; 330 doi: https://doi.org/10.1136/bmj.330.7490.537 (Published 03 March 2005) Cite this as: BMJ 2005;330:537
All rapid responses
Rapid responses are electronic comments to the editor. They enable our users to debate issues raised in articles published on bmj.com. A rapid response is first posted online. If you need the URL (web address) of an individual response, simply click on the response headline and copy the URL from the browser window. A proportion of responses will, after editing, be published online and in the print journal as letters, which are indexed in PubMed. Rapid responses are not indexed in PubMed and they are not journal articles. The BMJ reserves the right to remove responses which are being wilfully misrepresented as published articles or when it is brought to our attention that a response spreads misinformation.
From March 2022, the word limit for rapid responses will be 600 words not including references and author details. We will no longer post responses that exceed this limit.
The word limit for letters selected from posted responses remains 300 words.
Mole et al have clearly highlighted the lack of
understanding and concern by clinicians in the electronic
storage of patient data on personal computers . The
specific example of the surgical logbook demonstrates how
misunderstanding of guidance can lead to inadvertent
breaches of the data protection act, an act which since
1998 applies also to written records.
Logbooks are of course important evidence of procedural
experience and will become essential as the modifications
to training lead to decreased total hours worked before
trainees are expected to work as consultants. The logbook
format for surgical (BST) trainees as recommended by the
Royal College of Surgeons of England incorporates the
hospital number and age, but no further identifying
features or date of birth.
Since the changes to the data protection act there have
been increasing concerns about the data which can and
cannot be stored and who may have access to it. According
to the act, only persons storing identifiable personal
data need register, where such information is defined as
"data which relate to a living individual who can be
identified (a) from these data, or (b) from these data and
other information which is in the possession of, or likely
to come into the possession of, the data
controller..." . The hospital number alone does not
allow patient identification without cross-reference with
the hospital system to which the public do not have
access. It would seem that storage of a logbook in the
format suggested by the Royal College of Surgeons would
not breach the data protection act.
Furthermore, kept strictly to guidelines the electronic
logbook may be less liable to inadvertent breaches than
its paper counterpart. A well designed proforma may be far
less risky than an address label with complete contact
details hastily stuck into a tatty book. Should such a
book be lost, its content is clear and manifest; the
electronic form requires someone to search for information
on the device. Moreover, electronic data can, and indeed
should, be protected by encryption and password.
Security of information systems must be seen to complement
and not replace thought on what data should be collected
and stored with reference to the purpose for which it is
required. Even in research and audit, there is rarely
need to store information relating to patient identity
beyond hospital number, as this allows easy identification
of records in conjunction with use of the hospital data
system to which the researcher has easy access. The lack
of understanding about data protection that Mole et al
have highlighted would suggest that clinicians need more
guidance and training on these issues and that trusts
should consider publishing guidelines on the proper use of
It must be stressed that issues with security of patient
data is not limited to the electronic domain. How many of
us have returned home in the evening with a patient
addressograph adherent to the back of our tie, or a list
of patients or operating list in our back pockets? The
caution to be applied to storage and movement of
electronic information is as important with paper
documents. The authors' suggestion of routine electronic
data shredding is a good one, but we must not forget to
continue our attention to paper shredding of sensitive
information both in hospital and at home.
 Mole D, Fox C, Napolitano G. Electronic data
protection : procedures need drastic improvement. BMJ
 Data Protection Act 1998.
www.hmso.gov.uk/acts/acts1998/19980029.htm (accessed 14
Competing interests: No competing interests