The question of the extent to which those working within the national health service should have access to patient data is a difficult one to resolve. On the one hand, permitting widespread access can potentially enable health service provides to provide more efficient, ‘joined up’ health-care to patients. On the other hand, there will always be concerns that too much access increases the risk that patient data, which is obviously sensitive personal data for the purposes of s. 2 of the Data Protection Act 1998, will be misused and/or inadvertently disclosed to third parties. We have seen this debate unfolding not least in respect of the Spine database project which is aimed at achieving a comprehensive centralised database of NHS patient records. The British Medical Association amongst others have alreeady expressed concern that the system is being rolled out too quickly (see further this article from the Guardian earlier this month). Today, reports are surfacing in the media that an NHS Trust in Wales is failing to ensure that proper restrictions are being placed on hospital staff accessing patient data (see further this BBC article which suggests hospital porters, IT staff and administrators have all been permitted access to patient data). This kind of story is only going to fuel concerns that the quest for efficiency in patient treatment requires too high a price to be paid in terms of compromising the privacy rights of patients.


The creation of electronic summary patient records which can readily be accessed by medical teams on the NHS broadband computer system, known as the Spine, is one which has met with approval in many quarters. This is unsurprising given the potential health benefits resulting from clinicians being able to access such records. However, this approval has been tempered by concerns that the NHS, in common with other large-scale public authorities, may not be able to maintain appropriate levels of security with respect to this manifestly sensitive personal data. Yesterday the Guardian reported that, following talks between the ICO and Connecting for Health (CfH), the agency responsible for implementing the records scheme, CfH has now yielded to calls for NHS patients be given the right to have their summary care records deleted from the system (although deletion would not occur if the records had already been used, in which case they would be archived for medic-legal reasons). The right to have records deleted will be additional to the right already granted to patients to opt out of the scheme before a record is created for them. CfH’s decision to permit patients to have their record deleted represents a move away from earlier proposals that, where objections were made, the record would simply be ‘masked’ within the system. Notably, the news over changes to the care records scheme comes only days after it was revealed that records revealing personal data relating to tens of thousands of MOD personnel, which were lost last year, had contained not merely financial information but also highly sensitive vetting information. The revelations have been controversial because, whilst the loss was announced last year, neither Parliament nor the ICO were informed that the lost data included sensitive vetting data.