The Medical Defence Union (MDU) has warned GPs that the disadvantages of storing patient information on data clouds 'may, for the present time, outweigh the benefits' because of risks to security and confidentiality.
MDU medico-legal adviser Dr Claire Macaulay said GPs have a legal duty under the Data Protection Act (DPA) to ensure that patient information is held securely and protected from unauthorised or unlawful processing.
She said: ‘Traditionally information such as patient records has been stored locally within the practice. But cloud computing can offer a convenient alternative, not least because the information can be accessed from any computer. However, the potential security and confidentiality risks of doing so may, for the present time, outweigh the benefits.
‘Doctors are obliged by the GMC to ensure that personal information about patients is protected at all times against improper disclosure. As data controllers, doctors also have a legal duty imposed by the DPA to ensure that patient information is held securely and protected from unauthorised or unlawful processing.
‘The DPA also requires that personal data should only be handled in ways people would reasonably expect. It is questionable whether patients would expect sensitive medical information to be held in an off-site storage facility not under the direct control of the doctor involved in their care. In the MDU’s view it would therefore be necessary to seek the consent of each patient to store their data in such a way, making patients aware of any risks involved and as far as possible, in which countries the data will be stored.’