This site is intended for health professionals only

Confidentiality risk with paper records

By Gareth Iacobucci

GP practices are leaving themselves open to breaches in patient confidentiality through their handling of paper records, with security concerns more common than with electronic systems, an assessment reveals.

Clinical Risk Self Assessment (CRSA) reports from 126 GP practices, collated by the Medical Protection Society, reveal GPs indentified a total of 127 paper-based risks, most commonly in faxing, but also in shredding information and record storage.

The assessment exercise, carried out through 2009, identified 82 potential risks associated with computers or mobile phones, questioning suggestions that use of electronic information is heightening security concerns.

The most common risks identified in the study were in overhearing receptionists, identified in 91% of practices, followed by computer screens visible to patients in 62% of practices, and faxing, also in 62% of practices.

Failure to shred confidential information was highlighted as a risk in 35% of practices, answering machine messages were flagged up 21%. Storage of medical paper records was identified as a potential problem in 5% of practices, and text messaging was mentioned in 3%.

Dr Nick Clements, head of medical services at MPS's Leeds office, said there was no evidence use of electronic records was more likely to lead to patient confidentiality breaches. ‘In terms of cases we see, the overwhelming majority tend to relate to paper records, or somebody in the surgery disclosing information erroneously,' he said.

He added that it was purely the scale of potential breaches with electronic data that made people more concerned about them, rather than breaches being more frequent.

‘If you follow the recommended safeguards and never use unencrypted records, they should be less prone to a data breach, because if you lose somebody's paper records, anyone can read them,' he said.

Confidentiality risk with paper records Click here to read the rest of our special issue on IT and information governance. Guest editor