The British Medical Association (BMA) has today (30 June 2010) supported calls from Scottish doctors to create further safeguards to protect patient confidentiality by introducing proper identity and access procedures for electronic records.
The debate was heard at the BMA’s annual conference in Brighton. Proposing the motion, Dr Mary Church, a GP in Lanarkshire, said: “The ease with which our patients’ information can now be shared challenges us to come up with ways of protecting information they have shared with us.
“Information sharing can benefit patients and we have always done this, particularly with referrals to specialist services.
“If we are to use electronic patient records then it is essential that we know who has looked at which records and when, so we can ensure only appropriate access.
“To do this you need to have clear ways to give staff a unique electronic identity as soon as they start work and which can be removed when they leave their post.
“A proper identity and access management system must be in place to give proper electronic identities and access.”
Dr Church added: “Doctors and other staff who are not caring for a particular patient should generally have no legitimate interest in their medical records. Access to particular patient files should therefore normally be limited to those who have a legitimate current clinical relationship with the patient. I believe that these conditions are necessary to maintain appropriate confidentiality of patients’ medical records.”
Conference agreed and supported the motion, which now becomes BMA policy.