A GP campaigning against the consent model for the NHS Care Records Service (NCRS) claims a European Court of Human Rights judgement reinforces his view that the NHS database is unlawful.
In a judgement published last week the European Court of Human Rights ruled that a nurse in Finland had her right to privacy breached. The nurse had been attending a clinic for treatment of HIV and at the same time was working in a different department of the same hospital. It became apparent that staff in her work department had looked at her computerised medical record and she was denied subsequent employment.
The European Court of Human Rights ruled that there had been a violation of article eight of the European Convention on Human Rights and awarded the nurse compensation.
Dr Paul Thornton, a GP in Warwickshire who has been campaigning against the legality of the NCRS, claims the judgement confirms that health care staff who are not involved in the care of a patient must be unable to access that patient’s electronic medical record.
The court judgement states: “What is required in this connection is practical and effective protection to exclude any possibility of unauthorised access occurring in the first place.”
Dr Thornton said that although the NHS database offers safeguards that were missing in the Finnish case, with access controlled by smartcards, an audit trail of all record accesses and the requirement for staff to have a legitimate relationship with the patient, such mechanisms were not enough to protect patients’ privacy.
He said large numbers of UK staff would be able, although not allowed, to access the records of large numbers of patients who were not under their direct care.
He said: “The judgement is clear that an ‘audit trail’ that would retrospectively identify staff who have accessed records inappropriately does not provide sufficient protection.”
Dr Thornton has lodged a Freedom of Information Act appeal with the Information Commissioner in an attempt to get the Department of Health to release its legal advice on the legal status of the electronic health information stored as part of the NCRS.
He added: “Doctors have grave concerns that the NHS database breaches patient confidentiality. The scenario in this Finnish case exactly illustrates the problems that will arise in the UK.”
Fiona Barr
Links
European Court of Human Rights judgement
Related articles