The Department of Health's plan for enabling the public to access their patient medical records online from 2015 needs to take into account the possibility of security being breached, and should include tough sanctions against those who fail to protect medical data or are caught trying to abuse it.
That's the view of David Evans, part of the strategic liaison team at the Information Commissioner's Office (ICO), who was speaking at a debate organised by medical software provider INPS, discussing the implications of patients having access to their medical records online.
"There's potential of abuse by unscrupulous individuals looking to gain access," he told the audience at BMA House, home of the British Medical Association in central London. "There will be those who seek to exploit it."
He cited unwarranted access to police data as an example of a similar problem, where secure data about those connected to crimes has been breached.
The ICO will need the authority to impose sanctions on those who illegally access private medical data, Evans argued. "We'd like to see criminal action for those who access records... When we have sanctions we will use them."
Bodies that fail to take proper care protecting health data will also need to be subject to sanctions, Evans told the audience. He gave an example of "stupidity" when Brighton and Sussex University Hospital Health Trust was fined £325,000 after old hard drives, which still contained highly sensitive personal data about patients, were sold on eBay.
However, as long as it's properly regulated, the ICO is in favour of patients being able to access their data online, he added.
"We welcome this, this is the right way to go about transparency," he said. He argued that it represents a great step forward in the eyes of the ICO, but that there also needs to be support for patients and GPs. "It's do-able and, once it's done, we will strongly support online access."
The plans to let patients access their GP medical records online by 2015 were published earlier this year in a Department of Health strategy paper, The Power of Information. It set out a 10-year plan for transforming information for the NHS, public health and social care.