Skip to main content
The BMJ logoLink to The BMJ
letter
. 2006 Jul 15;333(7559):146–147. doi: 10.1136/bmj.333.7559.146-b

To opt in or opt out of electronic patient records?

Electronic patient record is incompatible with confidentiality

Michael Foley 1
PMCID: PMC1502192  PMID: 16840481

Editor—From the website of the General Medical Council on the duties of registered doctors:

Doctors hold information about patients which is private and sensitive. This information must not be given to others unless the patient consents or you can justify the disclosure.

Patients have a right to expect that information about them will be held in confidence by their doctors. Confidentiality is central to trust between doctors and patients. Without assurances about confidentiality, patients may be reluctant to give doctors the information they need in order to provide good care.

Many improper disclosures are unintentional. You should not discuss patients where you can be overheard or leave patients' records, either on paper or on screen, where they can be seen by other patients, unauthorised health care staff or the public. You should take all reasonable steps to ensure that your consultations with patients are private.

The electronic patient record will allow a summary care record on every patient to be available from every NHS computer terminal.1 I look forward to the day when patient notes are legible, devoid of repetition, and contain results of relevant investigations. The electronic patient record might achieve this and improve patient care, although at a significant financial cost. Unfortunately, it is also a direct and serious threat to patient confidentiality.

Many hospitals already have electronic access to laboratory records and radiological images. Passwords are sometimes shared, screens left on in open view. Insufficient attention is paid to confidentiality and security, even though staff can be disciplined for breaching rules on electronic data protection. When the medical history of the whole population becomes available on a central computer the potential for loss of confidentiality is obvious.

Workers in hospitals or general practice surgeries might seek inappropriate access to medical records because of curiosity or malice, commercial gain, or simple error. If screens are left on in open areas or passwords compromised, tracing of access for disciplinary purposes would be difficult. If challenged after a breach of security one could argue that data were requested accidentally. I occasionally enter a wrong number into the radiology viewing system and see unwanted images. Such errors are inevitable.

The GMC clearly advises doctors that patients should be asked before entrusting their confidential medical records to others; this must mean that explicit consent is required to enter their data into a national computer system. The electronic patient record, whatever its political or bureaucratic attractions, is intrinsically incompatible with a confidential relationship between doctor and patient and we should advise our patients of this. The huge sums of money being invested in its development might be more usefully spent on improving patient care than on compromising their privacy.

Competing interests: None declared.

References


Articles from BMJ : British Medical Journal are provided here courtesy of BMJ Publishing Group

RESOURCES