 
|
|
|
4 January 2008 Doctors encourage patients to opt-out after NHS data lossesSA MathiesonA letter for patients to use to opt-out of the English NHS’s nascent central database of medical records, written by doctors and medical privacy campaigners, has reached more than 200 000 downloads. Meanwhile, nine NHS trusts have admitted data breaches, in the wake of HM Revenue and Customs’ loss of 25 million people’s data. The standard letter points out that the government is asking GPs to transfer medical data without patients’ individual consent, against BMA policy. “I do not believe that such a large database, with so many staff users, can be regarded as secure,” it continues, and quotes 93C3, a special code which records the patient’s refusal to consent to the national shared electronic record. Helen Wilkinson, founder of TheBigOptOut.org campaign which hosts the letter, says interest has picked up since the HM Revenue and Customs disaster, although the letter was first uploaded in November 2006. Following that, the Department of Health told NHS trusts to send personal data encrypted and by courier. “In the past, we can assume it was sent unencrypted and by normal post,” she said. Wilkinson added that 400 000 people working with the health service, including staff at chemists, already have access to the existing NHS Personal Demographic Service, which includes names and addresses in addition to ex-directory numbers and next of kin. As the system is not publicised, she believes this puts at risk victims of domestic violence and others with a need for privacy. People can opt-out only if police or social services request it. During the Christmas holidays, nine English NHS trusts admitted they had lost personal data on patients. The Department of Health said it did not have figures on how many patients were affected, but the Sunday Mirror newspaper reported that London’s City and Hackney primary care trust lost a CD holding the names and addresses of 160 000 children. The other trusts reporting breaches were Bolton Royal Hospital, Sutton and Merton, Sefton Merseyside, Mid-Essex Care Trust, Norfolk and Norwich, Gloucester Partnership Foundation Trust, Maidstone and Tunbridge Wells – which suffered two such incidents – and East and North Hertfordshire. UK'S RECENT DATA BREACHES Big data-users could fund stronger UK law enforcement (3 January 2008) Government to toughen Data Protection Act (19 December 2007) Details of three million learner drivers lost in Iowa (18 December 2007) Norwich Union Life fined £1.26m (17 December 2007) Northern Irish drivers agency loses data on 6000 drivers (14 December 2007) ICO: consider privacy before installing new IT (11 December 2007) Banks turn monitoring software to high (26 November 2007) HMRC data loss: NAO request
evidence (23 November 2007) HMRC appears to be “bang
to rights” says assistant commissioner (21 November 2007) UK government loses data on 25m Britons (20 November 2007)
|
|
