What is needed from the Caldicott review into electronic health records?

This leads to two separate concerns: one on the ethics and indeed security of sharing such personal information with third parties; and the other on the basic security needed to store these records. Yesterday, as the date for final submissions to the review panel passed, FairWarning published a letter it had sent to Dame Caldicott. CEO Kurt Long expressed his concerns for the present and his wishes for the future.

Long pointed out that according to FairWarning’s own earlier survey, “86.5% of respondents believe a serious breach of personal data would do considerable damage to a hospital’s reputation. 87.2% believe the NHS should monitor who looks at their patient records.” Nevertheless, he noted that according to the ICO, “data security breaches within the NHS have increased by 935% in the past five years. Yet there remains no legal requirement in the UK for providers to disclose to the patient when a privacy breach has taken place.”

He believes that mandatory disclosure will provide a major driver for improved security. “This,” he says, “would bring a level of accountability to care providers that cannot be achieved by other measures such as random audits and fines.”

Long is also concerned about a current lack of mandatory audit trails. “This means that when a privacy breach has occurred, neither the care provider, enforcement agencies or the patient has the ability to reconstruct who has been affected, to what extent damage has been done and how long it has been occurring.” The use of audit trails across all electronic health records and applications, he adds, “would be the first and potentially most important step towards securing and protecting patient privacy.”

To these primary requirements, he adds making it mandatory for trusts to build privacy into their IT systems and reinforcing a culture of privacy in the NHS through education and awareness. “These simple steps will help to transform data security within the NHS, building levels of trust between patients and providers and significantly enhancing patient care through the secure use of electronic healthcare.”
