NHS database awaits legal diagnosis

A recent EU court judgment could scupper the £6bn NHS patient database, says Jonn Elledge

LAST UPDATED AT 01:00 ON Tue 12 Aug 2008

Government IT projects have a pretty poor reputation. They turn up late, cost twice as much as you expect, and don't work when they arrive. But the NHS looks set to go one better. Legal experts are warning that its £6bn database could actually breach your human rights.

The idea of the database sounds sensible enough. Each patient will have a single record, detailing their medical history, allergies and any medication they're on. Doctors should thus have all the information they need to treat them, whether they're in Plymouth or Penrith.

It's a nice theory, but critics are fretting about data security. Tens of thousands of NHS staff will have access to the database. It would only take a couple of them to create data losses of tabloid headline proportions. "The real test will be whether Leo Blair's vaccination records ever go on," says healthcare IT expert Richard Gunn. "Because 30 seconds later the papers will know whether he had the MMR."

Now campaigners say a judgment from the European Court threatens the entire project. The ruling concerned a Finnish nurse who lost her job after colleagues discovered she was HIV positive. The hospital argued that, by punishing those who'd misused her records, it had done all it could to protect her. Nonsense, the court replied. Instead it demanded measures which "exclude any possibility" of a breach occurring in the first place.

This could have big implications for the NHS database. While it's packed with security measures, most of them involve deterring and punishing misuse, rather than actively preventing it.

Staff will only be allowed to look at the details of patients they're treating; they'll need a 'smartcard' and password to log in; and there'll be a record of every time they do, so that abusers can be caught. But none of these are enough to guarantee that the wrong people won't look at your medical history. Smartcard systems tend to be undermined by users who stay logged in to save time. And while there are rules about whose records staff can look at, there can't be any actual blocks, or the system would be useless in an emergency.

As a result, argues Douwe Korff, professor of international law at London Metropolitan University, the database could fall foul of the European court. "It's not good enough to say it shouldn't happen," he says. "They need to take reasonable measures to ensure patient confidentiality."

Campaigners have called on the government to scrap plans for a single database. They say that linking up existing GP records could provide many of the same benefits, but reduce the odds of frightening headlines in the Daily Mail.

So far, though, the government has shown little appetite for the change, and if it is concerned about the legal situation it isn't showing it. It says the ruling will have no impact on policy. It has even dropped hints about making the database even bigger, by opening it up to social workers. The Department of Health has consistently refused to publish legal advice which it says shows the system is lawful. As a result, a test case could be needed to clarify the situation.

That would take time. But if a British court did find against the database, the government could be forced to junk the whole thing. That £6bn investment might be no more secure than your medical records.