The BMA has today [Wednesday 22 September 2010] called for tougher safeguards to protect patient confidentiality for electronic patient records. The calls come as members prepare to debate the Health Committee report on Clinical Portal Technology  and Telehealth.
Dr Alan McDevitt, deputy chairman of the BMA’s Scottish General Practitioners Committee and lead on IT issues, said:
“The ease with which patient information can now be shared challenges us to come up with new ways of protecting information they have shared with us. With the growing use of electronic patient records, it is essential that we know who has looked at which records and when, so we can ensure only appropriate access.
“Although BMA Scotland is broadly supportive of the Clinical Portal Technology project, we do have concerns relating to patient confidentiality and how access to the system will be managed. If portals are to be accessible from computers anywhere within the NHS then it is our view that username and password access does not offer sufficient security of data.
“We are concerned that it may be commonplace for usernames and passwords to be shared between medical staff. This can often occur because staff do not receive access to systems promptly enough or are unable to reset their access out of hours. While this is already an issue of concern, the risk of misuse in an environment where clinical portals display much more data about many more people, is considerably greater.
An identity and access system  is required to ensure that access is granted promptly to those who need it (after secure identity checks), that they can reset access at all times and that access is stopped when they leave or change roles.
“The BMA strongly believes that introducing tighter controls will be far more effective at limiting inappropriate access to electronic patient records than using retrospective audit in isolation.”
Source: BMA Scotland