Could online access to patient records spark ‘ID theft’?
While consulting patients, GP’s record the data which then becomes available online. This can be then accessed patients and authorised personnel.
Beverley Bryant, NHS England’s director of strategic systems and technology, said: ‘Practices are required to check and verify people’s identify [sic] before issuing access credentials and guidance has been made available to them through NHS England and the RCGP. In addition, practices should make patients aware of their responsibilities and safeguards they should apply when accessing their records.” But with everything being available online there is potential for the information to be compromised.
Dawn Monaghan, group manager at Information Commissioner’s Office (ICO) public services explained ‘We see very few [breaches] that are, what you would call “malicious security issues”; where somebody deliberately breaches password protocols, cybercrime, those sorts of things… within the health sector.”
NHS England told Pulse “only patients and authorised carers will have access to online records, adding that practices must verify patients’ identities and explain the relevant safeguards.”
Dawn Monaghan also mentioned “I would suggest the cyber-security side of things, the ID-theft side of things, will start to come up the pile in health when we get proper online access to patient records. That is a real danger, and that is where security by design and security in an organised way come in.”
In a day and age where data is becoming more accessible, there is always a fear that sensitive data can be compromised. However, with the right security protocols such attacks can be avoided.