Abstract
Doctors have a duty to preserve patient confidentiality. Increased use of information technology has made it necessary to introduce new codes of practice relating to the handling of confidential patient information. The 1998 Data Protection Act defines what is legal and appropriate regarding the use of such information and defines the responsibilities of those who record and use that information. The Act describes the rights of subjects who have information recorded about them and their forms of redress. National codes of practice on patient confidentiality are based on the legal requirements of the Act. Access to patient information systems needs to be controlled to prevent unauthorized access. Much of the process of information security is managed at Trust level, but all doctors need a basic knowledge of computer system security. As well as access control, security measures must try to ensure that stored information remains intact and yet available to all users who have authorization. This is the triad of confidentiality, integrity and availability. In attempting to achieve these aims some compromise is necessary because there is some degree of mutual incompatibility. The actual measures taken in each case depend on the sensitivity and importance of the information. The Act only states that appropriate security measures should be taken; it does not define them. Information security does not relate solely to computer systems; paper records, telephone messages and faxes are equally important. There are many technological aids to improving security that the NHS must consider, though for most doctors the essential issues are of awareness and a cultural change of practice.