The director of a private health care organisation in the United States obtained a list of cancer patients from the computer database. As he was also a director of a local bank he was able to match the information with the list of outstanding bank loans so that he could call the patients in before they died.
Yesterday, Sir Kenneth Calman, the government's Chief Medical Officer, said the case offered a warning of what could happen if medical information were not secured. Speaking at the launch of a report on the protection of medical records he said the growth of computer networks meant more people had access to the information and there were greater risks that it could be misused.
He added: "That is a terrible example of the things that might happen. We must reduce that risk to an absolute minimum. We all have a right to have our personal information treated confidentially."
The report, Review of Patient-Identifiable Information, marks the end of a five-year row between the Department of Health and the British Medical Association which had urged doctors to boycott the NHS- wide net, linking computers in GPs' surgeries, hospitals and health authorities.
Dr Sandy Macara, the BMA's chairman, said there could be no guarantee that the American case could not happen here as things stood but there was now a joint determination to do something about it. "The problem was our lack of confidence in the NHS executive. We are not saying everything is now in place, but we are working to put measures in place. There is now agreement on what needs to be done."
However, Simon Davies, a lecturer in information technology at the London School of Economics and a former adviser to the BMA, said the centralisation of data on the NHS net would create a "hacker's smorgasbord."
The net started on 1 April, 1996, but was relaunched on Tuesday as part of the NHS White Paper reforms with a promise that patients would get test results quicker and could book hospital outpatient appointments before leaving the surgery.Reuse content