We have described the threats to the confidentiality, integrity and availability of personal health information in the light of experience in the UK and overseas, and proposed a clinical information security policy that enables the principle of patient consent to be enforced in the kind of heterogeneous distributed system currently under construction in the UK.
Clinicians making purchasing decisions are encouraged to favour systems which have been evaluated for compliance with this policy. Where no evaluated system is yet available, purchasers should take into account the extent to which available products support the principles set out here, and whether the supplier will undertake to provide an upgrade path to an evaluated system.
Where none of the available products provides an acceptable level of computer and communications security, the advice of the British Medical Association to its members is that exposing unprotected patient identifiable clinical information to the NHS wide network (or indeed to any other insecure network), or even sending it in encrypted form to an untrustworthy system, is imprudent to the point of being unethical.
Acknowledgements: Valuable input was received during the preparation of this document from a number of healthcare professionals, including Fleur Fisher, Tony Griew, Simon Jenkins, Grant Kelly, Stuart Horner, Hilary Curtis, Simon Fradd, John Williams, Iain Anderson, William Anderson, Roger Sewell, Mary Hawking, Ian Purves, Paul Steventon, Steve Hajioff, Stan Shepherd, Jeremy Wright and David Watts; from a number of computer scientists including Stewart Lee, Roger Needham, Mark Lomas, Bruce Christianson, Ian Jackson, Mike Roe, Jeremy Thorp, Roy Dainty and Ian Keith; and from philosophers including Beverly Woodward, Ann Somerville and Keith Tayler.