Health records a target for 'the wicked'

21 Nov 2007

Richard Jeavons, senior responsible owner for service implementation at Connecting for Health has admitted to the Commons Home Affairs Committee that the NHS Care Records Service database is open to misuse by “the wicked”.

Given evidence to the committee, as part of their inquiry into ‘A Surveillance Society’, Jeavons, who is also director of IT implementation at the Department of Health, said that some people would attempt to misuse data, and every effort would be made to stop them.

According to BBC News online, Labour MP Margaret Moran asked Jeavons: “Even if we get the technology right, the problem is abuse by people or misuse of data. How confident are you that there won't be problems over data and privacy?”

He replied: “You cannot stop the wicked doing wicked things with information and patient data...of course, we have examples where staff do abuse their privileges and have to be pursued through disciplinary procedures.”

He added that the government had to “make sure” that people who abused the system knew they were “going to get caught” and that these instances would be “pursued”.

Last week, the Department of Health refused to make public breaches of security in their response to the Health Select Committee’s report on the electronic patient record.

Instead, the DH said that they supported calls from the Information Commissioner to increase penalties for breaches of the Data Protection Act and to look into guidance and training for NHS staff on the risks of being duped and consequences which would face anybody who improperly disclosed information

This followed reports that the records of a celebrity were illicitly viewed by over 50 members of staff at an NHS hospital in the North-east.

In the hearing, the MPs were told different departments could not share information without legal guidelines being followed and rights of access clarified.

Clare Moriarty, constitution director at the Ministry of Justice, said efforts to make data protection as “robust” as possible were essential.

Questioned as to whether information had sometimes gone between departments unofficially, she replied: “I'm not aware of any department sharing data by stealth.”

Government chief information officer John Suffolk told the MPs that setting up a nationwide database going across Whitehall departments and other government agencies would create more problems.

He said: “When you work at a national scale, to continue to put more eggs in a single basket is a foolhardy approach.”

The Home Affairs Committee meeting was held earlier this week as news broke of the major accidental loss of data at HM Customs and Revenue.

Reader's Comments

Health records a target for 'the wicked'

22 Nov 07 13:00

And the stupid. Dont forget the stupid. And the gullible. They dont get enough attention. In the real world its the stupid and the gullible you have to watch, wicked people are a doddle.

I'm not aware of any department sharing data by stealth.”

22 Nov 07 18:54

PCTs extracting indentifiable data from GP systems, sometimes without even telling the practice what is on the USB stick they have tucked in their bag...? Barclaycard are now telling all their customers that they plan to swap their cards for a combined Oyster card, thereby giving their bank details to Transport for London, with the right to pass it on to the Police if they ask for it. You have the right to opt out, if you read right to the bottom of the long letter..... Entrust my medical details to this Government? I don't think so....

Enhanced professionalism can drive up quality and reduce risk

23 Nov 07 21:01

Quote -- "staff do abuse their privileges and have to be pursued through disciplinary procedures.”

The disciplinary procedures within organisations can be complemented by individuals registering and signing up to the UKCHIP Code of Conduct. At present voluntary, when strong recognition by employers is gained, accreditation and registration will provide a more mature profession for health informaticians, and the likelihood of priviledge abuse could lessen.

Cure rather than prevent?

stressfreedave@hotmail.com

24 Nov 07 20:46

Taking action against staff after they have accessed it is a bit late and some people seem to be missing an important point. The amount of people getting permission to access the data has increased over the years (I had to de-register from the NHS twice to stop a few people accessing my records and now that I'm back with the NHS, my GP has had to keep my info off databases and keep my paper records locked away to stop staff looking through them).

I have upset people in the past about my comments about the likes of Calldicott Gaurdains but I still dont trust them or the NHS. It is no use talking about 'protecting' patient data from 'un-authorised access' when the list of authorised people is increasing all the time.

As for the consent model. A few basic points: 1) Info about data sharing was actually withheld from patients (no mention of SUS or the hundereds of thousands of others with access). 2) Research in Scotland has shown 'implied consent' is not enough.