Making sure you safeguard your patient data

Patient data falling into the wrong hands can be disastrous – Dr Roy Sharma advises how to protect yours

By Roy Sharma

It's been a season of data scandals. Not only has the Government been losing confidential records, but so have doctors and NHS managers. How do you respond to this? Do you think ‘it will never happen to me’ or ‘there but for the grace of God go I’?

Does your practice have systems to safeguard patient data? What is reasonable, what is too slack, what is overkill?

When it comes to safeguarding data, you need to ask these questions:

• Does the person requesting the information have the right to know?

• Have you thought through the risks?

• Are you exercising reasonable care?

Practices should have a written policy on data security and a nominated member of staff responsible for co-ordinating it. This policy could be uniform across a PCT or tailored to a practice's needs. Policies should be reviewed regularly as new threats and technologies arise.

Exchanging patient information

Exchanging information can be problematic. A transfer between two clinicians should be safe, even if it comes via a secretary. All staff employed in general practice must understand they act in confidence. In a small village there will inevitably be times when staff know the people they are dealing with – but maintaining confidentiality must be part of their employment terms.

The next problem lies in choosing how to transmit information. You should ensure you know where information has gone and minimise the risk of error. To this end:

• Confidential faxes must go to recipients on pre-programmed quick keys

• Emails should go via a confirmed address (the Global Address Book is hopelessly out of date) and should be encrypted

• Letters should be put in window envelopes to minimise the risk of mixing up address labels.

Security can be complex or simple, and risks should be assessed as part of the practice policy. A single referral to a consultant should be safe if sent in the post or by password-protected email – with the recipient being phoned or faxed separately with the password. We probably have to trust electronic referral systems to have security designed in – but do we ever query this?

Safeguarding practice data

Data on the whole practice deserves good protection. How do you achieve this without slowing life to a crawl? Sadly this is a neglected area. You should be asking:

• Do you send tapes to your system suppliers for data validation?

• How safe are these? Are they protected by anything more clever than the system password (which is probably known to thousands of people)?

• How can you persuade your system supplier to increase security? This is not an issue when everything goes to plan – but when a tape carrying sensitive information does not arrive, it certainly is. Bespoke couriers are no greater comfort than the Royal Mail when things go wrong, and when they do, you should be able to show you have made your choices reasonably.

Requests from NHS organisations

Requests for information by external NHS bodies, such as PCTs or even the Healthcare Commission, are frequent and often precipitate. Remember to ask:

• Who is getting the information?

• Do they have the right to it?

• Anonymised totals are one thing, but do personnel also need to come to the practice and verify information by going through the computer system? The QOF does require this periodically, but PCTs require staff undertaking visits to guarantee confidentiality explicitly.

Information can now be extracted directly via remote MIQUEST queries. Practices have a duty to scrutinise these before agreeing to their use and need to be sure they are not letting confidential patient information through.

Unfortunately, I have heard of a practice in the Midlands that discovered other NHS organisations using these tools to tap into their database remotely. This is worrying and makes me feel PCTs, in exchange for the access we grant them, should help us install vigilance systems guarding against this type of snooping.

Non-medical sources

How do you handle requests from non-medical sources – lawyers, the police or the DVLA? It can be intimidating to have uniformed police come through the waiting room. Always stop, think and check with someone – such as the practice manager or another partner – before responding. Sharing decisions often brings issues to light. Consider the following:

• Is it an issue of public protection?

• Is child protection law being invoked?

• Can you get the consent of the person concerned? If they are dead, how is consent given and who should give it?

The Data Protection Act, the Children Act and other public safety issues can override medical confidentiality. There is surprisingly clear and practical guidance on the Data Protection Act from the Information Commissioner's Office at www.ico.gov.uk, with links to sections on prevention or detection of criminal acts.

Medical ethics are less black and white. Guidance from the GMC, the BMA or defence bodies is available on their websites. The GMC says: ‘Disclosures in the public interest are justified where a failure to disclose information would put the patient, or someone else, at risk of death or serious harm. A disclosure may assist in the prevention, detection or prosecution of a serious crime.’

This guidance covers disclosures ranging from drivers with fits to patients with stab or gunshot wounds – but it is always helpful to share your decision with a colleague and get patient consent where possible.

Requests from lawyers require a critical response. You need to ask:

• Whose side are they on and who has given or taken consent?

• Is the request from a clerk or secretary?

• Is it dated recently?

• Would it be better to make sure the request and patient consent come via a senior person or partner in the firm who can be held responsible?

• Does your patient understand what consent means when ‘all records’ are requested? I phone patients when I see requests for ‘all records’ and am often told they did not realise it includes information irrelevant to the case concerned.

Information outside the surgery

The need to work on information outside the surgery raises issues. I have a PDA for home visits that synchronises with patient records at the practice. EMIS, understanding the laxity around passwords on PDAs, enabled its program only if I set and used a password.

If staff wish to work from home, it is safer to implement proper home working, with passwords and timeout screens, than risk transporting data on USB sticks and CDs.

• You can get great USB sticks with fingerprint recognition and encryption – but these have crashed my home PC and I think the technology needs to improve

• Laptops commonly have fingerprint recognition and users get at least a level of safety that will defeat the casual thief

• Wireless networks should use at least 128-bit wired equivalent privacy (WEP) encryption and be set to recognise only approved media access control (MAC) addresses.

IT policies should be sensible and proportionate, and make it easier to work within the system than take a shortcut.

Dr Roy Sharma is a GP in Lydney, Gloucestershire
