European judgement casts doubts on NHS CRS consent

  • 25 July 2008

A GP campaigning against the consent model for the NHS Care Records Service (NCRS) claims a European Court of Human Rights judgement reinforces his view that the NHS database is unlawful.

In a judgement published last week the European Court of Human Rights ruled that a nurse in Finland had her right to privacy breached. The nurse had been attending a clinic for treatment of HIV and at the same time was working in a different department of the same hospital. It became apparent that staff in her work department had looked at her computerised medical record and she was denied subsequent employment.

The European Court of Human Rights ruled that there had been a violation of article eight of the European Convention on Human Rights and awarded the nurse compensation.

Dr Paul Thornton, a GP in Warwickshire who has been campaigning against the legality of the NCRS, claims the judgement confirms that health care staff who are not involved in the care of a patient must be unable to access that patient’s electronic medical record.

The court judgement states: “What is required in this connection is practical and effective protection to exclude any possibility of unauthorised access occurring in the first place.”

Dr Thornton said that although the NHS database offers safeguards that were missing in the Finnish case, with access controlled by smartcards, an audit trail of all record accesses and the requirement for staff to have a legitimate relationship with the patient, such mechanisms were not enough to protect patients’ privacy.

He said large numbers of UK staff would be able, although not allowed, to access the records of large numbers of patients who were not under their direct care.

He said: “The judgement is clear that an ‘audit trail’ that would retrospectively identify staff who have accessed records inappropriately does not provide sufficient protection.”

Dr Thornton has lodged a Freedom of Information Act appeal with the Information Commissioner in an attempt to get the Department of Health to release its legal advice on the legal status of the electronic health information stored as part of the NCRS.

He added: “Doctors have grave concerns that the NHS database breaches patient confidentiality. The scenario in this Finnish case exactly illustrates the problems that will arise in the UK.”

Fiona Barr

Links

European Court of Human Rights judgement

Related articles

FoI appeal on summary records legal status

European Court fines Finland for data breach

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's edition includes GOSH using AI to help identify Parkinson's Disease and a look at the challenges of evaluating digital health tech.
Somerset NHS FT contacts patients about data breach

Somerset NHS FT contacts patients about data breach

Patients at Musgrove Park Hospital are being contacted by Somerset NHS Foundation Trust after it was revealed a staff member inappropriately accessed data.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

This morning briefing features news from MD Consents, Cardiomatics and confirmation of a data breach at genetic testing company 23andMe.