The BBC has published an investigative report suggesting that confidential National Health Service (NHS) records are being regularly accessed by people with no right to them.

Patients’ confidential medical records should have access restricted to doctors and nurses, but figures obtained under the Freedom of Information Act found that several security breaches have resulted from inappropriate data access.

These breaches in patient confidentiality have been the result of staff sharing passwords and giving unauthorized people access to the information.

The UK government has £13bn set aside to digitize the medical records of all 50 million patients in Britain by 2010. The records have a built-in audit trail to see who accessed what record, how and why, and for how long. Unusual patterns of activity can be flagged.

Small instances of inappropriate use could lead to large-scale data breach incidents. The data of all 50 million patients would be accessible from a single computer terminal. Although an audit trail is important in identifying the source of a breach, it is not a prevention for it.

Activist groups are suggesting that patients opt out of the database, and that the government reconsider the safeguards put in place for access to confidential patient information.

Via BBC, PogoWasRight Tags: nhs, national health services, data breach, health security, data security