The risks of using online storage devices for patient data
By: Dr Pallavi Bradshaw | Post date: 02/06/2014 | Time to read article: 2 minsThe information within this article was correct at the time of publishing. Last updated 18/05/2020
Medicolegal adviser and MPS spokesperson, Dr Pallavi Bradshaw, highlights security as an issue with saving patient records online
Online storage services are no doubt useful to both doctors and patients. They help reduce the use of paper and allow for more convenient access and updating of patient records. However there are a number of medicolegal issues to consider with this method of storage.
Currently steps are being taken by the NHS in England to provide the public with online access to their medical records, a move which has the potential to transform patient care. But for GPs at practice level, storing sensitive patient data to external sources represents an unnecessary risk.
The greatest risk with saving sensitive data to an external storage device is security; particularly with the use of virtual servers, accessible online, known as cloud storage. Cloud storage services are popping up everywhere online and are quickly becoming an acceptable means for saving many types of data that would otherwise fill up a large space on your computer’s hard drive.
But when it comes to cloud storage it’s important to remember that someone else is looking after the data, on your behalf. While you will have no control over where the information is stored or how it’s protected you should be satisfied that there are reasonable safety provisions in place as data lost or stolen would be a serious breach of patient confidentiality.
Consider the patient
Currently, public opinion remains sceptical to the idea of online records. A recent MPS research report into views towards online medical records showed a strong aversion to the idea, with 80% of the public highlighting security as an issue. Opinion amongst doctors was also telling, with 86% concerned that their patients’ medical records would not be secure.
It’s important to consider whether the advantages of storing patient records online outweigh the consequences of a security breach - simply put, they don’t. It’s also important to consider the patient and whether they would consent to their records being saved anywhere other than the hard drive on your office computer.
For patient consent to be valid they must have sufficient information to make a choice. This applies not only to the treatment they receive but the way their private information is stored and shared.
Sensitivity towards sharing confidential patient information was brought to light recently with the proposed roll-out of care.data, a programme which has been delayed in order to provide the public with a clearer understanding of how their data will be shared.
MPS raised concerns about the care.data programme, after 77% of GP members told us they did not think NHS England had given them enough information to properly inform patients.
Communication is key
What can be learned from the care.data programme is that communication is essential to the understanding and acceptance of any proposed plans to store patient data online, whether it is accessible by the patient or not.
If you intend to keep patient records online you must ask for their consent to do this, as well as make them aware of what details will be stored and who has access to them.
When it comes to cloud storage services you must be mindful that you are placing huge trust in someone else to keep your patient’s information safe. It seems sensible then to use services provided by the NHS.
The idea of a centralised online storage system, where doctors can upload their patients’ records that can then in turn be accessed by the patient, could revolutionise the doctor-patient partnership. But currently, the options available are far from secure and not advised.