Skip to main content

31-10-2011 | Legal medicine | Article

Breaches of patient confidentiality emerge in UK


Full report

MedWire News: The findings of a Freedom of Information request made by a UK watchdog reveal that breaches of patient data occur regularly, up to five times per week, according to the report.

Examples of such breaches include National Health Service (NHS) employees accessing the medical records or medical information of their colleagues or family members, and NHS personnel posting confidential medical information on social networking sites.

"This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected," said Nick Pickles, director of Big Brother Watch (London), the organization that made the request for information.

"The information held in medical records is of huge personal significance and for details to be disclosed, maliciously accessed or lost... represents serious infringements on patient privacy," he added, in a press statement.

The request for information concerned the period July 2008 through July 2011, and 350 NHS Trusts responded to it, indicating that 806 separate breaches of data protection policy had occurred at 152 Trusts over the 3 years.

Of note, 74 Trusts did not respond to Big Brother Watch's request for information and a further 55 Trusts refused to provide all or some of the information. In all, 80% of Trusts gave responses.

A total of 11 Trusts released information relating to the release of patients' medical information on social networking sites by 13 medical personnel. Just one of the instances resulted in dismissal of the employee in question, says the report.

"There can be no acceptable reason for using social media to communicate with patients or other parties and this is clearly not as widely understood as it ought to be," states the report.

At least 129 separate incidents were uncovered of NHS employees using their access to private medical details to discover or disclose information about family members or colleagues. Indeed, 91 of these cases were of employees inappropriately accessing medical information about a colleague at work and 70 involved non-medical NHS personnel.

These scenarios resulted in 20 employees being dismissed.

Furthermore, 57 incidents were reported where confidential information was lost, left behind, or stolen and in a number of these cases, data were not encrypted when stored electronically, or were not properly concealed and secured in the case of paper records, write the report's authors.

Big Brother Watch argues in the report's conclusion that the research "highlights the extent to which increasing access to personal medical records has exceeded a necessary level.

"If NHS staff cannot be trusted to abide by data protection policies when it comes to their colleagues and family, then they raise serious concerns as to the need for them to have any access at all," it adds.

Pickles called for the transparency of the NHS and said that that failure of some Trusts to disclose whether a data breach has taken place is "unacceptable."

By Sarah Guy

Related topics