foundation for information policy research

Press Release — NHS Systems Fail to Protect Patient Confidentiality

The Foundation for Information Policy Research (FIPR) has called for much greater privacy protection for patients' medical information in a response to a National Health Service (NHS) consultation.

Current NHS strategy is focused on creating a central electronic patient record. There is already a "clearing" database that records payments made for all hospital treatment, along with the names and addresses of patients. Other medical databases available to ministers and civil servants contain enough information to identify the vast majority of the patients. FIPR believes that making this information available to so many NHS administrators and civil servants is unethical and will lead to growing abuse.

FIPR recommends that the NHS should instead concentrate on preventing existing abuse. For example, the British Medical Association recommended in 1996 that telephone requests to a health authority or provider for patient information should be logged, approved by a clinician and then authenticated by calling back to a telephone number in the NHS directory. A pilot of this scheme in one health authority exposed 30 phone calls per week made under false pretences. This suggests that over 200,000 attempts are made every year to get health information on patients, by investigators who call up pretending to be doctors or administrators. Most of these attempts currently succeed. Yet with the basic telephone discipline tested in the pilot scheme, the great majority of them could be stopped. But instead of extending this scheme across the country, NHS managers shelved it.

FIPR has also recommended that patients must unambiguously consent before their medical records are shared with anyone but the clinical staff actually providing treatment; that patients should be notified when breaches of confidentiality have occurred; and that invoices sent from hospitals to primary care trusts for hospital treatment should not carry the patient's name, but simply an order number.

FIPR chairman Ross Anderson said: "Patients entrust some of their most sensitive personal information to their doctors. NHS managers should not be trying to undermine that trust by spreading identifiable patient data around the health service bureaucracy and the civil service."

He continued: "The NHS must modernise their systems to protect rather than undermine patients' privacy. Otherwise they risk the trust between patient and doctor that is vital for effective healthcare."

Contacts for enquiries:

Ross Anderson
Foundation for Information Policy Research
01223 33 47 33

Notes for editors

  1. The Foundation for Information Policy Research is a non-profit think-tank for Internet and Information Technology policy, governed by an independent Board of Trustees with an Advisory Council of experts.
  2. Details of the NHS consultation are at:
  3. FIPR's response is available here.