Skip to main content

25-02-2013 | Article

Are medical records safe online?

In a week when Apple became victim of a cyber attack, following a similar recent assault on Facebook (click here), and another on the New York Times (click here), the safety of online medical records was also highlighted. These events made me question: If high-tech, sophisticated and wealthy corporations can fall victim to hacking, how can the NHS prevent this happening?

We should be keen to promote transparency and easier access to medical records, and encourage patients to take more responsibility for their own health; placing medical records online and allowing patients to view them securely helps to promote all of these goals. In this modern world, publishing medical records online follows the trend of digitisation which is happening all around us. Yet there is significant unease about all of this, with security concerns at its core.

As reported by Univadis Medical News (click here), "less than one third of doctors believe that giving patients access to medical records online is a good idea, according to a Medical Protection Society survey".

And it is not just the doctors who are uncomfortable with it. The Univadis article also states: "Results were similar for 1,766 members of the general public who were also surveyed, with 73% against sensitive information being put online, and 80% concerned about security."

I am in agreement with the consensus of the respondents and believe that, despite the obvious advantages, we are simply not yet ready to place medical records online. When this rich treasure trove of confidential data is published "securely" it will undoubtedly attract hackers keen to unlock its secrets. It seems almost certain that they will target celebrities and politicians, as well as ordinary people, to see if there is anything of value in their records.

If companies like Apple and Facebook cannot secure their realms, it raises serious doubts that the NHS can produce a fail-safe system. I hope that the government will take these concerns on board and think again about this policy. If patients want to access their clinical records, it is now relatively easy to do so in both primary or secondary care. However, security breaches of web-based records could seriously damage the trust central to the doctor-patient relationship - something none of us would want.

Best wishes,


Dr Harry Brown, editor-in-chief Univadis

Dr Harry Brown