McGilchrist M, Sullivan F, Kalra D. Assuring the confidentiality of shared electronic health records. BMJ 2007;335:1223-1224 (15 December)
doi:10.1136/bmj.39421.544063.BE
In health care, the collection and storage of sensitive personal data is essential for delivering a high quality clinical service and for research. That is why, given the recent scandals involving losses of sensitive data, we urgently need better technical measures to enforce and verify procedures that represent good practice in storing, managing and sharing data between institutions. Standard operating procedures (SOPs) can prevent inadvertent disclosure of data only if staff are trained to use them consistently; if users do not have malicious intent, are competent, and don’t make mistakes; and if the author of the SOP has planned for all scenarios relating to data access and sharing. This is why SOPs are important but also insufficient: they form a closed, opaque system and need to be improved to provide transparency, counter conflicts of interest, and enforce agreed procedures.