York Hospital Loses HIV Notes

posted: 07/04/2009

Confidential medical records with details of 19 seriously-ill York Hospital patients were found in the street two miles away.

An investigation has now been launched about how the file, picked up by a passer-by, was lost.

The document revealed their name, age and medical history – with one person having HIV and syphilis.

The people affected were mainly elderly, except one 27-year-old. The hospital has apologised and is now investigating what happened.

HIV, confidentiality and stigma

Paul Ward, deputy chief executive of the Terence Higgins Trust said: "This breach is totally unacceptable. For anyone with HIV who is facing stigma, having personal information about their health being inadvertently made public is very worrying."

It could be difficult for a complex organisation like a hospital to get it right all the time, he added, but people trusted them.

"If there has been a failing we ask York Hospital to redouble its efforts to make sure it is able to ensure full confidentiality in the future."

Other patients had breast cancer, Alzheimer's, Parkinson's and multiple sclerosis. Handwritten notes found in the bundle gave details about their personal nursing care.

Mike Proctor, deputy chief executive of York Hospitals NHS Foundation Trust, said: "We take the protection of all patient information very seriously and we apologise to any of our patients and their families who may have been caused distress by this potential breach of their confidentiality."

The patients concerned would be contacted and reassured, he said. Policies on staff responsibilities for such information were clear. "We are appalled that details of this nature have been found outside the hospital."

He added that the trust was investigating the incident and would take appropriate action.

The papers were found by an unidentified person.

Source

Saved - Medical Data Confidentiality

posted: 09/03/2009

After eight healthcare organisations published a joint letter calling on the Ministry of Justice to rethink its data sharing proposals in the Coroners and Justice Bill, Justice minister Straw has bowed to the pressure over data sharing.

Jack Straw has now said he will scrap his controversial proposals that would have allowed patients' medical and DNA records to be shared with police, foreign governments and other bodies.

In a victory for civil liberties campaigners, the justice secretary bowed to public pressure over the data-sharing provisions in the coroners' and justice bill, which would have allowed public bodies to exchange data without the knowledge or consent of individuals involved. Doctors and the Bar Council had joined privacy campaigners in warning of the potential risks to public trust.

"Absolutely no part of the purpose of this legislation was to extend a Big Brother society - quite the reverse - but I understand people's anxiety," Straw stated. "I have never had a piece of legislation that was not improved by public debate during its passage through parliament."

He will now launch a fresh public consultation on how to implement more limited proposals from a review chaired by the information commissioner, Richard Thomas, which would allow government bodies to share information where there is clear benefit - for example, to ensure that bereaved families do not have to contact a string of official agencies to tell them someone has died.

The U-turn follows the Scottish government's decision late last week to withdraw support.
 

Medical Confidentiality Threat

posted: 16/02/2009

The confidentiality of medical records is under even more threat from government plans to relax laws on data protection, doctors' leaders have warned.

Dr Hamish Meldrum, chairman of the British Medical Association, said the profession was "extremely concerned" about legislation tabled by Jack Straw, the justice secretary, which would allow the Department of Health to share information on NHS databases with other ministries and private companies.

Health ministers have no immediate plan to make use of the power, which would give all Whitehall departments a fast-track procedure for getting permission to share data without parliamentary debate.

The NHS is years behind its timetable for putting everyone's medical records in England on to a national database known as the Spine. Ministers have given frequent assurances to patients that the information would only be accessed by healthcare staff who need it. However there are many, many examples of computerised medical and other data being lost or misused.

Health details might be shared for benefit claims

But Meldrum, chair of the British Medical Association, said people could not know whether future ministers or a future government would not share our private medical details with other departments. A future government might perhaps decide that it is administratively convenient to share details from your health records with the Department of Work and Pensions when you claim sickness or disability benefits.

According to the BMA, the trust between doctors and patients would be destroyed if Straw's bill, as it stands, became law.

In an interview, Meldrum said: "The bill gives any minister the right to access patient-identifiable information - and give others access to it. There appears to be no limit to what could be done with this information as long as the minister can make a vague ... justification, claiming that sharing the information is in line with government policy at the time.

"The doctor-patient relationship is built primarily on trust that information is given confidentially and will not normally be shared without the patient's consent. Once we go down the road where that principle can be breached, widespread possibilities could flow."

Hidden in Coroners and Justice Bill

The data-sharing power is included in clause 152 of the coroners and justice bill, which is mainly concerned with reform of coroners' courts and death certificates.

It would let any minister sign an "information sharing order" permitting the passing of data to another department, individual or company if it were "necessary to secure a relevant policy objective" and if the order "strikes a fair balance between the public interest and the interests of any person affected by it".

But doctors fear that in future ministers may see a public interest in making medical records available to vet recruits, or check people seeking benefits. Until now public bodies have not been allowed to pass on personal data - or let information collected for one purpose be used for another- without fresh primary legislation.

Only 3 weeks to object

Meldrum said he was not satisfied by the safeguard in the bill. This gives the Information Commissioner three weeks to comment on a data-sharing proposal, giving MPs an opportunity to vote it down. "I have not seen an argument why the [government] need this general power," he said.

Worried Information Commissioner

The Information Commissioner's Office, the independent authority for data protection, called for "much stronger safeguards in the bill to protect sensitive data, such as health records". If the Information Commissioner is worried, we should all be.

The Ministry of Justice said data would be shared only "in circumstances where the sharing of the information is in the public interest and proportionate to the impact on any person adversely affected by it". The Department of Health added it was "important to ensure that patient confidentiality is preserved and that patients consent to how their records are used".

Coroners and Justice Bill hides other surprises

This bill is a hotch-potch. Do not be deceived by the title given it by Jack Straw. It is a supermarket trolley full of bits of legislation that the government and the civil service want passed.

As well as

• allowing a minister to decree that an inquest should be held in secret to protect the state, or its relations with foreign powers,
• it removes exemption for "discussion or criticism" in the new offence of inciting hatred on grounds of sexual orientation;
• it makes changes to legal aid;
• it reforms bail in murder cases;
• it extends the law of child pornography to include non-photographic images; and
• it facilitates the sharing of personal data by all government departments.

As one commentator has pointed out - the strategy is clear. Secret inquests will draw the fire on the bill and then - conveniently - there will be no time to debate the huge issue of uncontrolled sharing of personal information between government departments and agencies.

As the Lords report on surveillance society stated two weeks ago: "The huge rise in surveillance and data collection by the state risks undermining the long-standing traditions of privacy and individual freedom which are vital for democracy."

Source 1

Source 2

A HIV+ Nurse, Human Rights and the NHS Database

posted: 15/09/2008

The NHS could be forced to completely rethink its £6 billion patient database, because it is unlawful under the European Convention of Human Rights, it has been claimed.

A nurse in Finland living with HIV found her confidentiality was broken when other health service workers searched medical records and discovered her HIV status. She took a case to the European Court for breach of privacy. The Court has now ruled that punishments for misuse of data are not enough to ensure people's confidentiality.

As a result, campaigners say, the NHS database could also be in breach of Article 8 of the convention, which protects the right to privacy.

The ruling concerned the case of a Finnish nurse whose colleagues discovered she was HIV positive after illegally accessing her health records. The court ruled that laws which allowed the nurse to sue for damages were not sufficient to protect her privacy. 'What is required in this connection is practical and effective protection to exclude any possibility of unauthorised access occurring in the first place,' it said.

The NHS database will use smartcards and passwords to ensure that staff can only access records where they have a relationship with a patient. These will create an 'audit trail', documenting any misuse of data. A spokesman for Connecting for Health pointed out that existing paper records have no such safeguards. The agency 'has supported higher penalties for the inappropriate accessing of patient data when it is malicious,' he said.

UK courts are required to take account of rulings from Strasbourg.

If a judge were to issue a 'declaration of incompatibility' with EU law, parliament would be forced to rethink the database.

Dr Paul Thornton, a GP in Warwickshire and campaigner for patient privacy, called on the DoH to abandon its plans for a single NHS database. If the system is to be lawful, the DoH 'will have to change its design to a lot of small, secure databases ',he said.

Professor Douwe Korff, a professor of international law at London Metropolitan University, described the ruling as a 'time bomb.' 'It shows it isn't good enough to say "this shouldn't happen",' he said. 'The government needs to take reasonable measures to ensure patient confidentiality.' Professor Korff added that the use of penalties for inappropriate data access often failed in practice. There is evidence that some NHS staff leave their computers logged on to save time. Others will ask colleagues for patient details by phone, citing computer problems, he said.