NHS staff view celebrity records

September 18th, 2007

An NHS primary care trust has warned of a new risk to the confidentiality of medical records stored under the National Programme for IT [NPfIT] after a celebrity was admitted into hospital and more than 50 staff viewed the patient’s records.The warning by North Tees Primary Care Trust raises questions about whether hundreds of thousands of NHS staff who would be able to view electronic records under the NPfIT would have their accesses to information policed robustly.

Systems that support electronic patient records – a central part of the NPfIT – produce audit trails of who has accessed what information. But it’s unclear whether busy NHS employees would have adequate time to police audit trails

And Computer Weekly has published evidence of a culture in the NHS that is incompatible with tight lax security. Smartcards have been shared so that busy doctors can share PCs without having to log on and off each time. This means it can prove difficult to establish who has accessed confidential patient information.

North Tees Primary Care Trust says that the unauthorised access by staff of patient records presents a “new security risk” under the Department of Health’s Care Record Guarantee – which gives an undertaking to patients that their confidential data will be protected from unauthorised access.

The trust says in a paper to the Board:

“A new security risk … has been identified as part of the Care Records Guarantee. This risk is around staff inappropriately accessing [a] patient’s records who are not part of their care load. It was noted in an audit that a recent admission of a celebrity to a hospital had revealed over 50 staff viewing the patient record… Staff should only access records of patients with whom they have a legitimate relationship.”

The document paper adds that trusts have to demonstrate that regular audits are undertaken and that they have “disciplinary procedures in place to deal with breaches”.

If staff wanted to access the medical records of a well-known individual or anyone else they were interested in, the risk with paper-based medical records would be smaller because the files would ordinarily be held in one location, and may not be accessible remotely. It’s unlikely that dozens of staff could view a paper record without drawing attention to themselves.

Evidence on the security risks of electronic records was submitted to the House of Commons’ Health Committee by the UK Computing Research Committee, which is an expert panel of the British Computer Society, the Institution of of Engineering and Technology and IT-related scientists.

It said: “As a general principle, a single system accessible by all NHS employees from all trusts maximises rather than minimises the risk of a security breach. It increases … the opportunity for access to any one patient’s data from some point on the extended system… it is important that a formal analysis is carried out to identify risks and show that they have been reduced as low as reasonably practicable.”

A spokesman for North Tees Primary Care Trust said the accessing of a celebrity’s records took place elsewhere, not within the trust. The spokesman was unable to give any details of the incident or where it took place.


Smartcard sharing by an NHS trust – a breach of IT security or a practical way around slow access to the NHS Care Records Service?

Care Record Guarantee [for example on the confidentiality of patient data]

Loss of 1.3 million sensitive medical files in the US – possible implications for the NHS’s National Programme for IT

Department of Health and Connecting for Health security flaws

Major reports on NHS and NPfIT

Evidence submitted by UK Computing Research Committee to the Health Committee on the Electronic Patient Record

Report raises further NPfIT concerns – British Computer Society [Security]

Computer Weekly

My emphasis.

And of course, if the spine is implemented as they desire, you can multiply the 50 Hippocratic violators, nosey parkers, scumbags by 1000 as every terminal connected to the spine will be able to see everyone’s records without restriction.

The same goes for ContactPoint, the child violating database, and of course, the nearly aborted NIR/Identity Card.

All of these systems will be abused from the day they go online.

One can only hope that some brave person leaks the personal details of every member of parliament and the house of Lords and their many offspring, so that we can see whose daughter had an abortion, which of their children is on anti-psychotics, who has been beating their wife, which MP is infertile, which MP(s) have Gonorrhea / Syphilis / HIV etc etc.

THEN we will start to hear loud howls of disdain for the system, with rapid moves to dismantle it and then blame the previous administration(s) for the failure.

In the meantime, you really must have your records physically deleted from your GPs computer, so that the data does not get snarfled into the NHS Spine. If you do not even bother to ask, then you only have yourself to blame, when all of a sudden you are surprised when your new employer says, “I hope that we wont have any more skiing accidents while you are working with us; we need your commitment to us to be 100%”.


Your employer got a hold of your medical records and saw that you broke your leg whilst on holiday in the Alps two years ago.

How did he do it?



Of course, this is not a ‘new security risk’ as the report fallaciously states; this security risk is inherent to these poorly designed systems

One Response to “NHS staff view celebrity records”

  1. Do You Want Your Personal Medical Details Sold on E-Bay? « Leatherhead Matters Says:

    […] poor. For example a well known celebrity was recently admitted to hospital and within hours over 50 hospital staff had viewed her personal records. This data integrity breach is still being investigated by the NHS […]