This site is intended for health professionals only

Online access to patient records could spark ‘ID theft’, says data protection official

Data protection officials are fearing a rise in identify theft and other cybercrime when GP records become available online to all patients, it has emerged.

The warning, which comes as the flagship Government policy is already being rolled out, was put forward by the Information Commissioner’s Office (ICO) public services group manager Dawn Monaghan.

But NHS England told Pulse only patients and authorised carers will have access to online records, adding that practices must verify patients’ identities and explain the relevant safeguards.

Speaking today at a London event on NHS IT, Ms Monaghan said the ICO currently sees ‘very few malicious security issues’ in the healthcare sector but that she expected this to ‘come up the pile’.

She said: ‘We see very few [breaches] that are, what you would call “malicious security issues”; where somebody deliberately breaches password protocols, cybercrime, those sorts of things… within the health sector.

She added: ‘I would suggest the cyber-security side of things, the ID-theft side of things, will start to come up the pile in health when we get proper online access to patient records. That is a real danger, and that is where security by design and security in an organised way come in.’

The 2015/16 GP contract will see practices giving all patients access to the information in their summary care record from April and access to all coded information by April next year.

NHS England’s director of strategic systems and technology, Beverley Bryant, said: ‘Practices are required to check and verify people’s identify [sic] before issuing access credentials and guidance has been made available to them through NHS England and the RCGP. In addition, practices should make patients aware of their responsibilities and safeguards they should apply when accessing their records.’