F. Fisher and B. Madge, DATA-SECURITY AND PATIENT CONFIDENTIALITY - THE MANAGERS ROLE, International journal of bio-medical computing, 43(1-2), 1996, pp. 115-119
The maintenance of patient confidentiality is of utmost importance in the doctor-patient relationship. With the advent of networks such as the National Health Service Wide Area Network in the UK, the potential to transmit identifiable clinical data will become greater. Links between general practitioners (GPs) and hospitals will allow the rapid transmission of data which, if intercepted, could be potentially embarrassing to the patient concerned. In 1994 the British Medical Association launched a draft bill on privacy and confidentiality, and in association with this bill it is pushing for encryption of all clinical data across electronic networks. The manager's role within an acute hospital, community units and general practice is to ensure that all employees are aware of the principles of data protection and the security of hospital computer systems, and that no obvious breaches of security can occur at publicly accessible terminals. Managers must be kept up to date with the latest developments in computer security, such as digital signatures, and be prepared to instigate these developments where practically possible. Managers must also take responsibility for the monitoring of access to terminals and be prepared to deal severely with staff who breach the code of confidentiality. Each manager must be kept informed of employees' status with regard to their 'need to know' clearance level and must also promote confidentiality of patient details throughout the hospital. All of the management team must be prepared to train new staff in the principles of data security as they join the organisation and recognise their accountability if the programme fails. Data security and patient confidentiality is a broad responsibility in any healthcare organisation, with the Chief Executive accountable. In family practice, the partners are responsible and accountable. The British Medical Association believes, as a matter of policy, that allowing access to personal health data without the patient's consent, except in a legally allowable situation, should be a statutory offence.