Editorial: Better to miss a target than threaten privacy

A flaw in the security of the Choose and Book IT system, identified by a Nottinghamshire GP, means that the medical and personal details of patients booked through the system could be accessed by someone who has no business looking at them. The potential for breaching patient confidentiality or stealing a patient's identity is obvious.

Connecting for Health has promised to address the problem quickly. Luckily, the initiative has not been as successful as the DoH has hoped - more than 2,800 practices may have registered to use the system but half of these have made 12 or fewer bookings, according to January figures - so it could quite easily be shut down until total confidentiality was assured.

However, this seems an unlikely response, given the initiative is already missing DoH targets. The IT body does have a sealed envelope mechanism in the pipeline, but this will not be ready until 2007.

While Connecting for Health 'gives further consideration to the issues raised', it says patients should not worry because 'everyone working for the NHS ... has a legal duty to respect patient confidentiality' and will be warned if they are about to access something they should not see. Of course they can ignore this warning, and if they do the computer will simply note they have accessed this information.

So where does this leave GPs? The Medical Defence Union has advised that 'if doctors are aware of flaws in the system that could lead to a breach in confidentiality, they should not use it'.

The GPC believes that it is up to GPs to decide for themselves whether they are satisfied with security. This is a decision that should be made by IT experts not the average GP, who is unlikely to be an expert in computer security or the Choose and Book system.

Use of the Choose and Book system should be halted until its security has been reviewed and any necessary safeguards put in place. If Connecting for Health will not pull the system until this is ready, the GPC should advise GPs not to participate. It would be better for the DoH to fall behind on another target, than for a patient to suffer in any way due to a breach in confidentiality.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register

Already registered?

Sign in

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus