Broken Records: 100,000 hospital administrators, porters and IT staff able to access confidential medical records

New research conducted by Big Brother Watch reveals that there are at least 100,000 non-medical personnel in NHS Trusts across the country with access to confidential medical records

Top lines from the research (the full report with a complete breakdown of the number of non-medical personnel in each NHS Trust is available here) include:

  • There are at least 101,272 non-medical personnel working in NHS Acute Trusts in Britain that have access to confidential medical records. On average, 723 staff not involved in direct patient care in each Trust have access to medical records.
  • Sandwell and West Birmingham is the Trust in England with the highest number of non-medical personnel with access with 2487. Cardiff and Vale NHS Trust is the second highest nationwide and the highest in Wales with 2046. Belfast Health and Social Care Trust is the highest in Northern Ireland with 1812 and NHS Greater Glasgow and Clyde, with approximately 1300, the highest in Scotland.
  • Only 72% of Trusts in Great Britain and Northern Ireland were able to answer our request, the failure of the rest demonstrates the slack security and monitoring around those with access to patient medical histories. The final figure could therefore be much higher and could be as high as 140,000 personnel nationwide, extrapolating the average to cover the country as a whole.
  • From the responses received, in certain NHS Trusts access to confidential medical records is provided to hospital porters, IT staff and those working in the finance department.
  • The NHS is in direct contravention of the European Court of Human Rights, whose 2008 judgement I v. Finland established a legal duty to restrict medical records only to those directly involved in personal care.

Research conducted by Big Brother Watch has revealed that there are at least 101,272 non-medical personnel with access to confidential medical records in 140 NHS Acute Trusts in Britain and Northern Ireland. Fifty-four Trusts (predominantly the larger ones) failed to provide an answer to our Freedom of Information request, suggesting that the final figure could be as high as 140,000 NHS workers who are able to access records but are not directly involved in patient care.

Access to confidential patient records in the NHS is largely unregulated and fluctuates depending on staff turnover, access to the computer network and changing security clearance. There is a general lack of security around medical records which both ignores the ECHR judgement I v Finland and has, in the past decade, resulted in regular cases of abuse and security breaches. The report – Broken Records -  is an analysis of the status of confidential medical records in the UK, the security around access to sensitive personal information and how the Government’s NPfIT and the Conservatives' private sector proposals could change the current situation for the worse.

Alex Deane, Director of Big Brother Watch, said:

“The number of non-medical personnel with access to confidential medical records leaves the system wide open for abuse. Whilst Big Brother Watch has considered emergency, necessity and practicality concerns, we believe it is necessary to drastically reduce the number of people with access to medical records to prevent the high rate of data loss experienced by the NHS. The Government needs urgently to address the dire state of security around our medical history before it rolls out the Summary Care Record, granting access to hundreds of thousands of additional NHS staff across England.”

To read the full report, which includes detailed information on every local authority, please click here.

Posted by on Mar 25, 2010 in Home | 5 Comments


  1. alastair
    26th March 2010

    “in certain NHS Trusts access to confidential medical records is provided to…IT staff…”
    It’s probably true in all NHS trusts that some of the IT staff (or possibly IT contractors) could get access to medical records, even if they aren’t supposed to; users with systems administrator privileges are often able to access files directly without restriction anyway. And then there’s also the issue of back-ups; how they are stored (e.g. tape, cloud back-up), how they are secured and so on. So I think it’s more likely that the trusts who reported this were just being a little more forthcoming than their brethren.

  2. Lamkyns
    26th March 2010

    In the end, anyone with a email address will be able to access all the data held about you by the government, local authorities, NHS etc. When data sharing orders come in, your will have access to your mastercard bills including how much you’ve spent at the off licence. My advice: opt out of the NHS database. The big opt out letter is here for you to send to your GP: //
    And, don’t use debit/credit cards, at least not at the offie.

  3. Wirkal
    29th March 2010

    The Health Insurance Act and the implantation of RFID in the U.S.
    Links and video:

  4. Dave
    7th April 2010

    Whilst I think this story is important, I do think there are some very important points that should have been addressed before being printed.
    Access by reception staff is nothing new. If you have GP in the UK, then the reception staff have access to more nfo than a receptionist in a hosptial. For example if you have had medication for impotence, terminations, depressen etc, then the reception staff would have access to this. Some also have access to referal letters.
    I firmly believe that no reception staff should have access to medical info but at the same time I find it odd that whilst some people are complaining some reception staff have access they are not complaining other reception staff have an even greater access.
    In all the stories I have seen about this, none have picked up on the rulling in 2008 (Finland) showed that simply telling staff not to access the data was not good enough, they have to be incapable of accessing the data. In other words, the 140,000 staff who can access the record amounts to 140,000 breaches of the Human Rights Act

  5. jordan 1 flight low
    26th July 2010

    In order that people may be happy in their work,these things are needed:they must be fit for it; they must not do much
    of it; and they must have a sense of success in it. Do you understand?