Cookie policy notice

By continuing to use this site you agree to our cookies policy below:
Since 26 May 2011, the law now states that cookies on websites can ony be used with your specific consent. Cookies allow us to ensure that you enjoy the best browsing experience.

This site is intended for health professionals only

At the heart of general practice since 1960

Online access to patient records could spark 'ID theft', says data protection official

Data protection officials are fearing a rise in identify theft and other cybercrime when GP records become available online to all patients, it has emerged.

The warning, which comes as the flagship Government policy is already being rolled out, was put forward by the Information Commissioner’s Office (ICO) public services group manager Dawn Monaghan.

But NHS England told Pulse only patients and authorised carers will have access to online records, adding that practices must verify patients’ identities and explain the relevant safeguards.

Speaking today at a London event on NHS IT, Ms Monaghan said the ICO currently sees ‘very few malicious security issues’ in the healthcare sector but that she expected this to ‘come up the pile’.

She said: ‘We see very few [breaches] that are, what you would call “malicious security issues”; where somebody deliberately breaches password protocols, cybercrime, those sorts of things… within the health sector.

She added: ‘I would suggest the cyber-security side of things, the ID-theft side of things, will start to come up the pile in health when we get proper online access to patient records. That is a real danger, and that is where security by design and security in an organised way come in.’

The 2015/16 GP contract will see practices giving all patients access to the information in their summary care record from April and access to all coded information by April next year.

NHS England’s director of strategic systems and technology, Beverley Bryant, said: ‘Practices are required to check and verify people’s identify [sic] before issuing access credentials and guidance has been made available to them through NHS England and the RCGP. In addition, practices should make patients aware of their responsibilities and safeguards they should apply when accessing their records.’

Readers' comments (5)

  • Scary but vague
    Could Pulse ask for a bit more detail?

    Unsuitable or offensive? Report this comment

  • "Scary but vague" should be Pulse's tagline!

    Unsuitable or offensive? Report this comment

  • Having access to someone`s medical notes would help potential (unscruplous) employers, suspcious (abusive) spouses and also blackmailers, hackers, Newspapers etc etc.
    Presently the the access to medical records is via a login and password which is static. Banks have moved onto mutilevel security- password and a pin generator and also have active IP address filtering, threat management and also call back if any suspicious activity .
    The present system would enable any script kiddie with a keylogger to retrive the user ID and password and check their summary care record and very likely patient may never know this happened!
    Also if a controlling person is checking for their BF/GF/spouse/offfspring`s records , the vulnerable person may never come to their GP as the other person maybe able to find out if the summary care record has been updated recently!
    Hopefully the responsibility for any security breach is that of the government and not the GP`s who are now legally bound to make these available.

    Unsuitable or offensive? Report this comment

  • Anonymous | GP Partner | 11 February 2015 12:01pm Hopefully the responsibility for any security breach is that of the government and not the GP`s who are now legally bound to make these available.

    Dream on! The Information Commissioner has already stated that it is the data controller i.e. the GP who is held responsible. This could become a nightmare.

    Unsuitable or offensive? Report this comment

  • There are already many Data Protection Act 1998 abuses against doctors: secret files held by regulators (complaints against doctors which GMC does not disclose to doctors), inaccurate medical records of doctors as a revenge (professional rivalry, for example).
    As one of my friends said: 'While French are revolting, English stand in the queue waiting for their turn'.
    It is high time, doctors did something about it by taking it to European courts.

    Unsuitable or offensive? Report this comment

Have your say