[Ssf] An interesting independent body?: FIPR -

[Amparo]

<http://www.fipr.org/index.html>


> Press Release — NHS Systems Fail to Protect Patient Confidentiality
> 
> The Foundation for Information Policy Research (FIPR) has called for
> much greater privacy protection for patients' medical information in
> a response to a National Health Service (NHS) consultation.
> 
> Current NHS strategy is focused on creating a central electronic
> patient record. There is already a "clearing" database that records
> payments made for all hospital treatment, along with the names and
> addresses of patients. Other medical databases available to ministers
> and civil servants contain enough information to identify the vast
> majority of the patients. FIPR believes that making this information
> available to so many NHS administrators and civil servants is
> unethical and will lead to growing abuse.
> 
> FIPR recommends that the NHS should instead concentrate on preventing
> existing abuse. For example, the British Medical Association
> recommended in 1996 that telephone requests to a health authority or
> provider for patient information should be logged, approved by a
> clinician and then authenticated by calling back to a telephone
> number in the NHS directory. A pilot of this scheme in one health
> authority exposed 30 phone calls per week made under false pretences.
> This suggests that over 200,000 attempts are made every year to get
> health information on patients, by investigators who call up
> pretending to be doctors or administrators. Most of these attempts
> currently succeed. Yet with the basic telephone discipline tested in
> the pilot scheme, the great majority of them could be stopped. But
> instead of extending this scheme across the country, NHS managers
> shelved it.
> 
> FIPR has also recommended that patients must unambiguously consent
> before their medical records are shared with anyone but the clinical
> staff actually providing treatment; that patients should be notified
> when breaches of confidentiality have occurred; and that invoices
> sent from hospitals to primary care trusts for hospital treatment
> should not carry the patient's name, but simply an order number.
> 
> FIPR chairman Ross Anderson said: "Patients entrust some of their
> most sensitive personal information to their doctors. NHS managers
> should not be trying to undermine that trust by spreading
> identifiable patient data around the health service bureaucracy and
> the civil service."
> 
> He continued: "The NHS must modernise their systems to protect rather
> than undermine patients' privacy. Otherwise they risk the trust
> between patient and doctor that is vital for effective healthcare." 
> Contacts for enquiries:
> 
> Ross Anderson Chairman Foundation for Information Policy Research 
> rja at fipr.org 01223 33 47 33
> 
> Notes for editors
> 
> 1. The Foundation for Information Policy Research (www.fipr.org), is
> a non-profit think-tank for Internet and Information Technology
> policy, governed by an independent Board of Trustees with an Advisory
> Council of experts. 2. Details of the NHS consultation are at:
> http://www.nhsia.nhs.uk/confidentiality/ 3. FIPR's response is
> available here.