Record breaches to be kept secret
Patients and their GPs will not be told if there are security alerts involving their Summary Care Records, Pulse can reveal.
Connecting for Health has admitted it does not plan to contact them if security alerts are triggered after the rollout of the controversial new electronic records system.
Instead any alerts, set off if someone not directly responsible for a patient's care accesses their record, will be sent to PCT Caldicott Guardians, appointed to oversee confidentiality. They will decide if the alert is a genuine breach and then whether to alert the patient and GP.
However, an expert witness to the Health Select Committee's inquiry into the rollout of electronic care records this week told Pulse the safeguard was flawed because Caldicott Guardians will be under pressure not to report alerts.
Professor Ross Anderson, professor in security engineering at the University of Cambridge, said: ‘Security breaches won't be reported to patients because that would distress them – or because it would set the cat among the pigeons.'
Dr Gillian Braunold, GP clinical lead for Connecting for Health, said while Caldicott Guardians would not investigate every alert, they would identify the most serious.
Information on alerts would also be made available to patients on request, she added.