As many as 140,000 non-medical staff, including porters and housekeepers, have access to sensitive NHS patient files, it emerged last night.
The astonishing lack of privacy protection has been revealed by a Freedom of Information survey.
Government guidelines say only staff involved in 'providing and supporting patient care' should have access to confidential information.
But trusts are interpreting the rules so widely that administrators, porters and IT staff are all cleared to potentially delve into a person's medical file.
Last night Tory spokesman Stephen O'Brien said the revelation would 'send a shiver down the spine' of NHS patients.
The Information Commissioner's office said access to records should be strictly controlled and it would study the revelations to see if further action was needed.
Critics say it will become even easier to access medical records when they are stored on a controversial new NHS database, although the Health Department says this will make files more secure.
The survey of NHS trusts was carried out by the privacy campaign group Big Brother Watch.
It asked specifically about the number of staff not directly involved in the treatment of patients who have immediate access to medical records.
Immediate access was defined as being able to see at least a patient's name, date of birth and most recent medical history without needing the consent of the patient or another member of staff.
In the 140 Trusts which responded, 101,272 non-medical staff could potentially access such records - an average of 723 per trust.
When trusts which did not respond are factored in, the total across the country could be as high as 140,000.
Among those who replied, the University Hospital of North Staffordshire NHS Trust said those with access included 107 porters and 105 receptionists.
At Cwm Taf NHS Trust the total included receptionists, housekeepers and domestic staff.
North Staffordshire said porters did not have access to electronic records, but routinely carried paper files between departments as part of their job.
Alex Deane, director of Big Brother Watch, said the Government needed to address the problem as a matter of urgency.
He said: 'The number of non-medical personnel with access to confidential medical records leaves the system wide open to abuse.'
Fears have already been raised over the security of moving records online as part of the Government's National Programme for IT.
Earlier this month the British Medical Association called for the programme to be slowed down, saying pilot schemes had not yet been properly evaluated and not all patients had been given the chance to opt out. Big Brother Watch says patients could challenge the legality of the system.
The European Court of Human Rights, passing judgment on a Finnish case, has said access should be restricted to those directly involved in personal care.
Campaigners say such widespread access is behind the worrying level of data security breaches in the NHS.
The latest-report by the Information Commissioner revealed 140 incidents reported in the NHS in just four months, more than central and local government put together.
The Department of Health said last night: 'We have made it very clear that it is completely unacceptable for staff with no involvement in providing and supporting patient care to access confidential information. We have set clear standards for NHS organisations.'
The spokesman said the computer modernisation programme would cut the number of staff who could see files.
He said: 'Access to electronic records is controlled by smartcards, which allows all access to be tracked and audited. This means that, unlike with paper files, any abuse can be traced and dealt with'.
The Summary Care Record will make patient files easier to access than ever before. And there are fears that the Government is making it too hard for patients to opt out of having their details added to the NHS computer system.
The system will bring together a short medical history of a patient in a computer file.
But before these records can be uploaded a person must have a written warning, which comes with an opt-out form.
Patients are supposed to have a 12-week window to contact the NHS if they want to opt out. They can also find the form online.
However, the British Medical Association says letters may go missing, meaning a person's details are being added without their knowledge and 'at breakneck speed'.
Almost 1.3million records have already been created and another 8.9million people have received a letter about the programme.
No comments:
Post a Comment