Exclusive: Confidentiality doubts over Choose and Book

GPs have demanded an urgent review of the Choose and Book IT system after it emerged that users can obtain sensitive clinical information about patients from any practice in the country without their consent.

Investigations by concerned GP practices have revealed that any member of staff equipped with a smartcard, many of whom are not clinicians, can access information about patients booked through the IT system.

GPC IT subcommittee chairman Dr Paul Cundy said this contravened the Data Protection Act.

'Details of referrals are clinical information,' he said. 'If a patient is not registered with me, I should not be able to find out, without consent, that they have had an appointment with the psych-iatrist or the termination clinic.

'This system is insecure and I have asked (GP clinical lead for Connecting for Health) Professor Mike Pringle to look into this.'

The system's weaknesses were uncovered by Nottinghamshire practices equipped with Choose and Book software.

Dr Kesten Challen, a GP in Calverton, asked staff at other practices to test her concerns about confidentiality. They found details for a patient with an unusual name simply by entering their name, sex and a date of birth within 20 years of their correct one.

The records show patients' NHS number, address, phone numbers, date of birth, hospital referral booking reference numbers and passwords, and disability requirements. They also list hospital referrals and who made them.

Dr Challen's practice has refused to adopt the system.

A mechanism to prevent access to records by people with no legitimate clinical relationship to the patient is expected to be rolled out in 2007.

About 85 per cent of practices in England now have access to the system.

Dr Nicholas Norwell, a medico-legal adviser at the Medical Defence Union said: 'If doctors are aware of flaws in the system that could lead to a breach of confidentiality, they should not use it. Using a faulty system may be against the law and is definitely against GMC guidance.'

Professor Pringle said health professionals were used to handling confidential data. He said a record search would trigger a warning to the user that they should not look at records without permission and would create an alert that would be investigated.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins


Already registered?

Sign in

Follow Us: