Records Inappropriately accessed
It has been reported that the ECS of patients in Scotland has been accessed without patient consent. It is not kwon how many patients have been affected and when I was listening to the news last night it seems the NHS trust in question (Fife) do not know when the records were accessed or why they were accessed.
As usual, here are a couple of links about it.
http://news.bbc.co.uk/1/hi/scotland/edinburgh_and_east/7763349.stm
Hundreds of millions of medical records shared
It would seem the government have agreed to allow academics access to hundreds of millions of medical records without patient consent or knowledge. I would try and pretend to be shocked, but that would require acting good enough to get me an Oscar, so I think I will give it a miss.
Computer weekly wrote “The transferred records contain patient-identifiable information on nearly every stay by patients in hospitals in England, and visits to an accident and emergency department. Also within the transferred records are 215 million confidential files on visits to outpatient departments.”
So who got the information? First of all the data was sent to BT (they run a service called the Secondary Use Service) who then passed this information to the Dr Foster unit.
Computerweekly.com also points out “The Dr Foster Unit has received for research purposes 500 million health records, which includes 180 million inpatient and day cases. The unit has 285 million files which include patient-identifiable information”.
We are constantly told by the NHS, the government and researchers that patient privacy is something that is taken seriously, yet hundreds of millions of records are shared without patient consent.
With the government (along with backing from researchers) determined to make everyone’s record available via a national database accessible the police, researchers and countless others, things can only get worse.
As always, please follow the links for more information:
Computerweekly.com story:
http://www.computerweekly.com/blogs/tony_collins/2008/10/patient-records-leave-nhs-offi.html
Dr Foster Unit:
http://www1.imperial.ac.uk/medicine/about/divisions/ephpc/pcsm/research/drfosters/
BT (sorry, SUS)
http://www.connectingforhealth.nhs.uk/systemsandservices/sus
http://news.bbc.co.uk/1/hi/scotland/edinburgh_and_east/7490262.stm
“Health bosses have ordered a data amnesty after an employee lost personal information of 137 patients. NHS Lothian launched the campaign to ensure all 28,000 staff understand the rules on storing sensitive data – and own up if they lost files themselves.
The move comes after a worker admitted losing a computer memory stick with copies of letters sent to Edinburgh GPs by NHS Lothian over two years.
The letters cover details of patients in the central Edinburgh from 2006″.
This is something I sort of think is good. I believe that if someones loses patient data they should get in serious trouble or even sacked (right now most people get a slap on the wrist) but at the same time I think it is important to try find out how much data has been lost, I guess this is one of the best ways but it also means letting some people off the hook. It does say a lot about how worried some NHS trust are when they need to have this sort of thing.
More reords left lying arround
http://news.bbc.co.uk/1/hi/scotland/tayside_and_central/7414319.stm
It would seem that the NHS in Scotland are still not caring about looking after records. It is incidents like this that cause me to distrust health workers to look after my records. The hospital was in a 20 year shut down phase and the last thing they seemed to care about was patient confidentality.
It makes no difference if the records are on paper or on a computer if the person who is meant to be looking after it fails to do so. When patient confidentality is the last thing on your mind, you should not be allowed access to the records.
Types of people who ‘protect’ data
When it comes to medical privacy there is often a lot of talk from those who want to share/access identifiable data about how data will be protected and they can control access. Unfortunatley these are often grouped into 3 different groups.
- There are those who have a low standard of protection. An example of this would be most GPs. GPs often tell patients that what they learn in the course of their work will go no further and their records are protected, yet a lot will often start telling people about tye patient so the information can get into the patients records, as one of my ex GPs said “doctors do not do notes, that is someone elses job”. In other words, the min the patient leaves, the GOP will tell someone else. I have also found that most calldicott Gaurdians come under this group. As with GPs, their standard of aproprate sharing of data is often far lower than what patients think and when it comes to privacy, they rarely, if ever, will hear both sides of any complaint, usually deciding to side with their friends who also have a low standard. This is further complicated in that they are often paid by the people they are overseeing even though this creates a conflict of interest. Who have to ask whos interest they have at heart, their own or that of the patient? Unfortunatly I have found they have the interest of their own at heart and most would rather protect the reputation of health workers and the NHS than tell the truth. This group of people are the low of the low as far as I am concerned. they lie to patients to obtain data/carry out examinations and when patients do get told they ether attempt to make the patient think it is for their own good and those patients that see past this Bull are given 2 simple choices, ’share or die’. This group will also often share data so that it can be passed to others for targets or payments. In some cases it will be identifiable but even if it is not, the people accessing the records to get it will have access to the identity of the patient.
- There are those who think they have a high standard by are not aware of what is being shared. An example of this are some Calldicott Gaurdians and some health workers (not all are scum, just most). Some will tell you that when it comes to the police and social services they will tell them to ‘get stuffed’. Whilst this seems good, they are often unaware of data sharing. for example data from the new Summary Care Record in the NHS in England will be copied in a way that police and social services have access. This means that when they tell the police or SS to ‘get stuffed’, the police and SS will simply access the data from somewhere else (such as SUS) or they will alreday have the information anyway. At the same time anti-privacy laws/legislation in the UK is being introduced faster, meaning any promise about privacy is no protection. Other groups of people that come under this are those who work in Sexual Health Clinics. These people are often unaware that identifiable data can be shared with researchers, but I have to say that some will know but simply not tell the patient
- The last, and by far the smallest group, are those who do protect data. These people are far and few between. they will store data in a way that others can not access and they will stand up to those who demand it. Some will even not record data. An example of this are some therapist. If you wanted some therapy, you can often tell the person you are seeing that you do not want anyone else to know what you are there for. Whilst some will refuse to see you unless you ‘consent’ to notes being kept others will agree not to keep notes (the disadvatage of keeping notes is that they can be accessed under some UK laws by others. Although this does not happen often, it is staill a risk). Some of those that demand they make notes willl often make them very brief and a broad outline.
Student data lost in post
Seems data is still going missing. When will these people learn!?
http://news.bbc.co.uk/1/hi/scotland/7210358.stm
Tax return site seems to be ‘too risky’ for some people. (http://www.telegraph.co.uk/news/main.jhtml;jsessionid=VUWTDRLGXJMBFQFIQMFCFGGAVCBQYIV0?xml=/news/2008/01/26/ntax126.xml).
there is a website that gives a list of some other breaches. This is not a compleate list (for example last time I checked it did not mention Grampian NHS losing data 8 times in 5 years and it would be very difficult to list all breaches that have taken place at a more local level). http://www.openrightsgroup.org/orgwiki/index.php/UK_Privacy_Debacles
Sample medical questionaire
As far as the health profession and MSPs are concerned, this sort of questionaire is perfectly fine. Even the Information Commissoners Office seems to think this is fine.
If you notice option Q, it will be apparent that you must disclose all medical conditions/problems. That measn if you are not prepared to duisclose your thrush from 3 years ago or now, then you can not apply for the job. Thrush is unlikely to be relevant, but they are allowed to know it.
This goes directly to the employer and can be read by anyone you give the form to or whoever the emjployer allows to handl it. The job is serving customers and stacking shelves.
More data goes missing
Been a while since I updated, so here are a few things.It seems that even more data the government wants us to trust them with has gone missing.So far these incompetent morons have managed to lose the details of 25 million people (along with bank info and other sensitive data including the identities of people on the witness protection scheme), the DVLA lost data after they sent it to the USA, The DVLA in NI lost data they were sending to the UK mainland and the list is getting longer all the time.Here are some links to read up on each thing.
‘Up to 3,000′ patient records on laptop stolen from GP surgery
http://www.pulsetoday.co.uk/story.asp?sectioncode=35&storycode=4116547&c=1NHS trusts lose patients` details of hundreds of thousands of adults and children
http://news.bbc.co.uk/1/hi/uk/7158019.stm
It would also seem that NHS Grampian lost data 8 times in 5 years. http://news.bbc.co.uk/1/hi/uk/7158688.stm
They still insist they can be trusted with our data and they still demand that they know everything about you and your family, yet the cant even look after the stuff they have already stolen from us. When will these pathetic people learn
Who knows who your calling?
I need to get on with some course work, but just before I do, thought I’d do a quicky on this privacy issue as it is very important. Records of who we call or text (and where from if using a mobile, this allows them to track your movements, handy if you want to catch people using a phone when driving) are to be kept for at least 1 year (came into effect on 1st October 2007). These records can include ’sensitive’ information, such as if you called Childline, Samaritans (when I contacted them about this, they could not care less about the fact so many people can find out-list bellow) and it seems even calling crimes stoppers will be recorded and made available to others. If you call people that provide ‘confidential’ help for rape/abuse, emotional problems, dug/alcohol addictions, battered partner or anything else, that too will be kept. So will calls to your doctors, GUM clinics and sex therapist if you have one. The content of such things will not be recorded, but the fact we called a sex therapist means you will in effect be telling everyone you have a sexual problem. Who will have access to this? How long have you got? It’s a big list (795 public bodies and quangos all with varying degree of access). I would love to give the complete list but I can’t find a copy BUT here are some of them: Police, Security services, 475 local councils, Food Standards Agency, Department of Health, Immigration Service, Gaming Board, Charity Commission, Royal Navy Regulating Branch, Atomic Energy Authority Constabulary, Department of Trade and Industry, NHS Trusts, Ambulance Service, Fire Service, Department of Transport and the Department for the Environment.I wonder if NHRC are on the list. ThinkPolice will need approval of a superintendent or inspector (like they will say no!). Council officials will only need permission from the authority’s assistant chief officer. Thousands of staff in other agencies will need to get approval from a senior official. In other words, our telephone privacy is screwed! There is no mention of court orders/warrants and the government decided to not consult on this in parliament (they did not need to, they can alter some laws anytime they feel like it).Think you have nothing to worry about? Last year the voluntary arrangement that was in place untill this law allowed 439,000 searches of phone recordsFrom 2008 (not sure of exact date) the same will apply to websites we access and who we email.More info about it can be found at http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=484752&in_page_id=1770&ct=5
Example 1
A girl becomes sexually active but does not want anyone other that her GP knowing. In most practices, that would not be allowed. The girl then become pregnant but wants a termination. She is now faced with 3 choices.
1) Tell the GP and allow her (or him if they chose not to see a female doctor) to share the data.
2) Try and force a miscarriage and not report it.
3) Go to a back street abortionist which may not be done safely and she runs the risk of being abused.
I for one think the latter 2 choices are dangerous and I find it appalling that the health profession seem to think these are 2 viable options.
Illegal abortions still take place in the UK. What has to be asked, yet the health profession refuse to ask, is, are illegal abortions taking place in the UK because the health profession refuse to allow access for legal abortions unless the woman agrees to inform others? If the answer is yes, then the health profession can/should be held responsible for illegal abortions. In other wards, the buck stops with the health profession.
Opps, have we lost even more CDs?
I must be the last privacy campaigner on the planet to comment on the HMRC screw ups. Here are the basics
25 million records along with names, address, DOB, partner details (if they have a partner that is) and Bank Info has gone missing (a junior official is being used as a scape goat while the people at the top get away with it. See, It’s not just the Met Office that keep the incompetent as senior levels).
In August a laptop that contained sensitive financial details of about 400 people with ISAs was stolen after being left in a car (not sure if that was HMRC).
In May HMRC posted details of the family tax credits of 42,000 families to other people after an apparent “printer error” (in other words a twit told the printer to do it wrong!).
A CD-Rom that contained information on 15,000 Standard Life customers had been lost (a pension thing, I think).
http://business.timesonline.co.uk/tol/business/money/consumer_affairs/article2917650.ece
Is this the end of the list? Probably not, yet for some reason they are still going ahead with the National Identification Register (the database behind ID cards), NHS database, child index……..Should we be worried? Hmmm, let me think on that one……..
-
Archives
- June 2009 (1)
- April 2009 (1)
- March 2009 (2)
- December 2008 (1)
- November 2008 (6)
- October 2008 (2)
- September 2008 (1)
- August 2008 (2)
- July 2008 (3)
- May 2008 (1)
- April 2008 (5)
- March 2008 (2)
-
Categories
- abuse
- access
- betrayal
- CCTV
- CDs
- child rights
- confidential
- data rape
- data security
- databases
- dignity
- distrust
- Divorce
- drug test
- ECS
- employeers
- ethics
- exam
- exams
- GPs
- Grampian
- health
- health access
- Human rights
- hypocrite
- insurance
- intrusion
- lamp post
- medical
- medical exam
- morals
- NHS
- opt-out
- patient rights
- privacy
- researchers
- schools
- SNP
- strip search
- telephone
- toilet
- Uncategorized
- victim rights
-
RSS
Entries RSS
Comments RSS
