
Celebrity's details illicitly viewed by NHS staff

Tags: CfH   Confidentiality   consent   DH   PCT   SCR  

20 Sep 2007

Reports that the records of a celebrity were illicitly viewed by over 50 members of staff at an NHS hospital look set to further fan fears about the confidentiality of patient records in the NHS Care Records Service now under development.

Ironically, the incident was cited in board papers for North Tees Primary Care Trust only as an illustration of why it was necessary to tighten procedures for staff to access sensitive personal medical records.

The March board paper said: "It was noted in an audit that a recent admission of a celebrity to a hospital had revealed over 50 staff viewing the patient record."

The PCT was unable to name the celebrity and says that the incident did not occur in any of its hospitals. It was also unable to identify where or when the incident had occurred, or the source from which its board paper had reported it. “This incident is unrelated to North Tees PCT and occurred in an unknown trust,” said a spokesperson.

E-Health Insider has been unable to identify the original source of the reported incident. This makes it impossible to know whether it occurred on a system supplied under the £12.4bn NHS IT programme. Connecting for Health (CfH), the agency responsible for the IT programme, told EHI it was unaware of the incident.

However, given public concerns about the confidentiality of patient records due to be stored on the national database of summary care records (SCR) - pilots for which are now underway - the media reports of illicit access can only exacerbate fears about privacy.

Last week MPs on the Commons Health Select Committee expressed their concerns about the lack of clarity on consent and confidentiality mechanisms for the SCR. They gave the thumbs up to the hybrid model now being used but said the absence of the promised ‘sealed envelope’, intended to let patients lock away particularly sensitive data, was a serious weakness.

The MPs were also concerned by what they described as inconsistent information about the consent model for the SCR and criticised the DH and CfH for poor communication to clinicians and patients on the issue.

Dr Gillian Braunold, head of the SCR programme for CfH, told EHI that unfortunately incidents of inappropriate record access did occur and were often undetected using current systems. She argued that such incidents were actually an argument in favour of CfH systems which “will be secure and have the ability to track back record access.”

 

© 2007 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Reader's Comments

1

Urban Myth?

nhstechie@btinternet.com

20 Sep 07 23:09

It would be interesting to discover whether this is another urban myth, or a genuinely recent event.

We had a very similar incident in the NW of England in the late 1990s, subsequently mentioned during a regional conference on IT Security and Caldicott Guardianship. Even the number of staff viewing the celebrity details is identical to the original story.


2

Myth or reality - Detectable or undetectable??

21 Sep 07 11:09

There was a very similar sounding story circulating a number of years back and the celebrity was then said to be a football manager... who knows if this happened recently, but it has to be a continuing possibility. My question is, with so many celebrities around, so with the potential for many such episodes of ill-health, do the current LSP provided systems actually have the functionality to detect such breaches? I am aware that the (now being decommissioned) NHS Number Tracing Service certainly does have this kind of functionality as we get notified of 'suspicious' behaviour by users and there are auditable logs. In contrast, I struggle to see how iPM as currently supplied by CSC to three NHS clusters would be able to detect these kinds of patterns - does anybody know?


3

Urban myth

21 Sep 07 11:09

It is surely also an urban myth that CfH systems will automatically be better than local ones at controlling inappropriate access. Our existing system does have audit trail records, and Information Governance staff trawl through them, and recognise the user names, roles and current staffing issues.

The Audit trail is also available to be viewed by users on the record, so could be shared with the patient.

How you can sensibly track activity across the whole cluster, or in SCR case, country, is a puzzle, and not something I have seen detailed.


4

Blame the system?

21 Sep 07 14:09

Assuming that this is not an urban myth, my immediate thoughts are that this is a staff issue, not an issue to do with the new systems. If the staff were able to access the record as part of their job role (i.e. if they had the rights on the system to do this as part of their normal, day to day access needs), then it is the staff that should be questioned about why they accessed the patient's record when they (presumably) had no medical reason to do so.


5

re Urban myth

21 Sep 07 16:09

Inappropriate access to patient information is far from being an urban myth... One of our local authorities had a similar incident several years ago when a high profile sports figure was admitted to hospital. Audit trails revealed that a significant number of clinical staff with no direct involvement in the delivery of care to the patient had viewed his information. They were subsequently reprimanded for their behaviour.

System security design, particularly in healthcare, must by definition strike a balance between protecting information and ensuring that it is immediately available to those providing care. It is incumbent upon end users to behave responsibly and not abuse the access rights that they have been granted in order to perform their work.

Let's not blame the systems for what is clearly a professional practice/conduct issue.


6

Belt and braces

edgar.bolton@ncumbria.nhs.uk

21 Sep 07 16:09

The NHS EPR systems need to have functionality which allows inappropriate browsing to be detected. Some of the systems 'tested' by the NHS prior to the allocation of LSP contracts were very hot on this - there can surely be no better deterrent to 'snooping' than the fact that when you look at an electronic patient record this fact is itself recorded on the record. It would be nice to think this would never be needed - but this is one of those areas where the misbehaviour of a small minority rubs off on the rest of us - exactly the same issues potentially apply to inappropriate access to paper casenote files - or staff records for that matter.

The need for this kind of IM&T security functionality has been identified within the NHS for a decade or more - it is puzzling as to why it seems that audit trails of browsing seem so relatively underdeveloped in the main products deployed.


7

Urban Myth

25 Sep 07 21:09

It seems rather strange that North Tees alluded to such a matter, especially when a number of staff were dismissed from their posts by neighbouring Newcastle Hospitals trust (The same SHA) after a football club manager had been treated there and his records accessed. No urban myth!


8

Send an e-mail each time record is accessed

malcolm.willis@nhs.net

01 Oct 07 12:10

I would like to see a system enabled with the ability to send me an e-mail every time my record is accessed with the details of who looked at it. We recently dismissed a member of our staff when the audit trail showed she had accessed the record of a family love rival.
