Protecting patient data from prying eyes

Gordon Brown’s allegations about how The Sun discovered his son Fraser had cystic fibrosis have put the issue of NHS data security back into the limelight once again.

Two decades as a journalist, and a good few years in PR (sometimes helping the health service with crisis management), have taught me a lot about how confidential information can be accessed.

A big problem has often been the records systems themselves. With paper-based systems, and many electronic ones, a clinician could phone the records department, ask for a file to be pulled, and have information read to them. There were always concerns that a strident-voiced impersonator claiming to be Dr X, and demanding immediate information, might frighten some poor clerk into making a mistake. More than once I was contacted by records staff who’d had suspicious callers asking about high-profile patients. Many calls are untraceable, so we could never prove who made them.

However, major improvements are being made, and shifting from paper to electronic systems is the essential starting point. A European journalist proved this point by calling hospitals under an assumed name and asking for paper files to be sent to him – quite a few were. A paper system is essentially uncontrollable: you can never be sure if files are safe, and they are easy to access and often go missing. Having said that, we are now well aware that a poor electronic system, and failures to encrypt or anonymise patient data, can be disastrous.

There can be two prime areas of weakness in electronic systems. The first is that too many people can reach data not strictly relevant to their work, and the second is a poor audit trail. There might always be problems over breadth of access because information sometimes needs to be shared among a whole group of staff. There will also be people who, for many motives, abuse their access rights. That’s what makes the second part so vital. An example came up in Fife when the health board had to contact Scottish politicians, broadcasters and footballers to tell them their records might have been inappropriately accessed. Despite the board’s embarrassment, this was, to some extent, a good news story because they could trace the problems back to a daft doctor who seemed to be looking up famous folk out of sheer curiosity.

At least the Fife victims could be assured that their records were unlikely to crop up in a tabloid – or worse. And much worse things could happen than an embarrassing newspaper story. The criminal possibilities of illicit access to records, not least for blackmailers, should make anyone shudder. Having an audit trail for every piece of patient information is vital in order to identify and confront security breaches and data loss of every kind. That in turn means that data access needs to be monitored for unusual activity. These are areas where the NHS still has much to do, though thankfully the technology is increasingly available for them to spot and stop breaches.

For anyone who is in any doubt about the scale of the problem, in 2010 the deputy data commissioner David Smith stated that around one third of all security breaches (some 270 in a little over two years) were from the NHS. And while I dislike clichés like ‘tip of the iceberg’ I’d suggest from my own experience, and the fact that the reporting scheme is voluntary, that this is a significant understatement.
