Sitemap | Advanced Search
Education & publications
United Kingdom
Home / UK / Education & publications / Booklets / Common Problems - Managing the risks in general practice / Computerised and electronic records

Computerised and electronic records

There are many advantages to holding information in electronic form, not least of which is the greatly-reduced storage space that is needed. Computer records can be easier to track and access and, if they are password accessible, it is also easier to restrict access to specific personnel.

Compared to paper records, on the other hand, the effects of unauthorised access to computer records are potentially of a greater magnitude. The example from the USA in Box 8 graphically highlights the damage that can be done when the security of computerised records is breached. Moreover, as systems increasingly become networked, the opportunities for security breaches are expanding.

Box 8: Need to know? 

An audit carried out after a celebrity had been admitted to hospital in 2007 revealed that more than 50 staff who were not involved in his care had accessed his medical records. Media reports did not specify who the celebrity was, or which hospital it concerned, but the staff were resumably subjected to disciplinary proceedings.

Soon after this, across the Atlantic, George Clooney was admitted to the Palisades Medical Center following a motorbike accident. Subsequent to this, 27 staff who were not involved in his care were suspended without pay for accessing his medical records.

Even further afield, Auckland District Health Board fired one employee and disciplined 20 others “for examining the private medical records of celebrities”. The hospital routinely runs electronic audits after a celebrity has stayed in the hospital.

What you can do to minimise the risk of security breaches

  • Position computer screens and printers where they can’t be seen by unauthorised people. 
  • Impress on staff that they must not disclose their password for any reason. 
  • Change passwords regularly.
  • Resist the temptation to keep a standard password for use when hiring locums. 
  • Introduce practices such as always locking workstations before leaving them unattended. 
  • Use software that restricts access to authorised users and generates audit logs. 
  • Back-up files regularly and keep back-ups in a secure environment. 
  • Regularly review the effectiveness of your security measures. 
  • Install a good firewall and regularly-updated virus-checker.

The Medical Protection Society Limited. A company limited by guarantee.
Registered in England No. 36142 at 33 Cavendish Square, London, W1G 0PS. VAT number 524 251475.
Tel: +44 (0)20 7399 1300 Fax: +44 (0)20 7399 1301 Email: info@mps.org.uk
MPS is not an insurance company. All the benefits of membership of MPS are discretionary
as set out in the Memorandum and Articles of Association.