12/12/2007
British NHS loses data; physicians to boycott database
Because of a civil servant’s mistake, two computer disks bearing personal information on half the British population were lost. Disks contained birth dates, addresses, national-insurance numbers, and bank account numbers. Treasury chief Alistair Darling said the breach in government security was “catastrophic.”
Disks were missing for 3 weeks before an alarm was raised. Although password-protected, the data was not encrypted.
Prime Minister Gordon Brown told the House of Commons: “I profoundly regret and apologize for the inconvenience and worries that have been caused to millions of families.” The government said there’s no sign the data has fallen into criminal hands
(AP 11/22/07).
There are, however, fraudulent emails circulating that cite the data loss and invite recipients to “confirm” their “security details.”
The lost records involve all Britons who claim a government stipend of about $38/week for their children. Nearly all families with children are included as there are no income restrictions. The payments are often routed directly into bank accounts
(LA Times 11/22/07).
This is the third security breach to have occurred on Brown’s watch, though he has only been in office for 5 months. Nevertheless, plans for a national medical-records database and biometric identity cards for all citizens are going forward. Conservative Party leader David Cameron said these plans should be reconsidered.
“People are desperately worried about the privacy of their bank account details and their personal details,” Cameron told Brown before the House of Commons. “They will find it truly bizarre…that frankly you don’t want to stop and think about the dangers of a national identity register.”
Guy Hosein of the watchdog group Privacy International stated: “It’s impossible to control this much data…. Whenever you collect information and keep it centrally, it will be…lost.”
Primarily because of privacy concerns, two-thirds of family physicians in England plan to boycott the government’s attempt to create a database of 50 million National Health Service patients’ electronic health records, according to a poll by Medix
(iHealthBeat 11/20/07).
Nearly 60% of GPs are unwilling to upload any record without the patient’s specific consent. After a campaign by The Guardian last year, ministers conceded that patients had the right to stop their files from being passed from their GP to an NHS data warehouse called the Spine. But they said that anyone not exercising that veto would be assumed to have given “implied consent” (Guardian 11/20/07).
The survey of 1,000 physicians showed that 75% thought records would be less secure on a central database that could be accessed by NHS and social services staff throughout England; 50% believed records would be vulnerable to hackers and unauthorized users; 25% were concerned about bribery or blackmail by people with access to the database; and 21% said they thought social services staff would not adhere to confidentiality rules.
This high level of skepticism was found in spite of months of campaigning by Connecting for Health, the NHS procurement agency for information technology (IT), to persuade doctors that the “summary health record” would save lives, noted John Carvel in The Guardian.
About 70% of GPs and hospital physicians think that the NHS expenditure of £12.4 billion to modernize the IT system is not a good use of resources. Only 1% rated progress as good or excellent.
The British Medical Association said: “The government will not regain the confidence of the public or the profession unless it can demonstrate that its systems are safe, and doctors will wish to see for themselves how the programme will work.”
Additional information:
- “Computerized Records Could Mean Data Overload, Legal Liability, Doctors Fear,” AAPS News of the Day 6/18/07.
- “Lost Patient Data Has Cost Providence $7 Million So Far,” AAPS News of the Day 12/22/06.
- “Personal Data of 26.5 Million Veterans Stolen,” AAPS News of the Day 5/23/06.
- AAPS testimony on health care information technology to House Ways and Means Subcommittee on Health, Jul 27, 2005.
From www.aaps.org