In this paper, a practical approach to managing the confidentiality of patient information in large-scale clinical information systems in the acute hospital is described. The traditional approach of limiting the functions that hospital staff can undertake is necessary but not sufficient. Control over access to the individual patient is also required, with access being granted only when the member of staff's rights match a patient's current clinical contacts. In our experience, the setting up and maintenance of such rights is a non-trivial, but achievable, task.
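The two-layer model the abstract describes, role-based limits on functions plus a per-patient check against current clinical contacts, is shown below as an added example written for this page; it is not code from the paper or from any hospital system it describes. The role table, the staff and patient identifiers, the contact periods and the audit record format are all constructed assumptions; in particular the paper does not define which functions each role holds or how a clinical contact is represented.

```python
"""Two-layer access decision for a patient record.

Layer 1: the staff member's role limits the functions they may use at all.
Layer 2: even a permitted function is refused unless the staff member has a
         clinical contact with this specific patient that is current at the
         time of the request.
Every decision, granted or refused, is appended to an audit list.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed role-to-function table (an assumption; the paper lists no roles).
ROLE_FUNCTIONS = {
    "consultant": {"view_notes", "write_notes", "prescribe"},
    "nurse": {"view_notes", "write_notes", "record_observations"},
    "ward_clerk": {"view_demographics"},
}


@dataclass(frozen=True)
class Staff:
    staff_id: str
    role: str


@dataclass
class ClinicalContact:
    """A period during which a staff member legitimately has care contact with a patient."""
    staff_id: str
    reason: str          # e.g. "admitting consultant", "ward administration"
    starts: datetime
    ends: Optional[datetime] = None  # None means the contact is still open

    def active_at(self, when: datetime) -> bool:
        # Half-open interval: a contact that ended at 10:00 is not active at 10:00.
        return self.starts <= when and (self.ends is None or when < self.ends)


@dataclass
class Patient:
    patient_id: str
    contacts: List[ClinicalContact] = field(default_factory=list)


AUDIT: List[dict] = []  # constructed audit trail; a real system would persist this


def decide(staff: Staff, patient: Patient, function: str, when: datetime) -> Tuple[bool, str]:
    """Return (granted, reason). Both layers must pass for access to be granted."""
    permitted = ROLE_FUNCTIONS.get(staff.role, set())
    if function not in permitted:
        verdict = (False, f"function '{function}' is not permitted for role '{staff.role}'")
    elif not any(c.staff_id == staff.staff_id and c.active_at(when) for c in patient.contacts):
        verdict = (False, "no current clinical contact with this patient")
    else:
        verdict = (True, "role permits the function and a clinical contact is current")
    AUDIT.append({
        "when": when.isoformat(), "staff": staff.staff_id, "patient": patient.patient_id,
        "function": function, "granted": verdict[0], "reason": verdict[1],
    })
    return verdict


def build_sample_patient() -> Patient:
    """Constructed sample: one admission with a time-limited consultant contact
    and an open ward-clerk contact. Identifiers are placeholders."""
    return Patient("PAT-0001", contacts=[
        ClinicalContact("S-CONS-1", "admitting consultant",
                        datetime(2024, 2, 28, 9, 0), datetime(2024, 3, 5, 12, 0)),
        ClinicalContact("S-CLERK-1", "ward administration",
                        datetime(2024, 2, 28, 9, 0)),
    ])


if __name__ == "__main__":
    patient = build_sample_patient()
    during_stay = datetime(2024, 3, 1, 10, 0)
    after_discharge = datetime(2024, 3, 10, 10, 0)
    for staff, fn, when in [
        (Staff("S-CONS-1", "consultant"), "view_notes", during_stay),
        (Staff("S-NURSE-9", "nurse"), "view_notes", during_stay),      # no contact
        (Staff("S-CLERK-1", "ward_clerk"), "prescribe", during_stay),  # role lacks function
        (Staff("S-CONS-1", "consultant"), "view_notes", after_discharge),  # contact ended
    ]:
        granted, reason = decide(staff, patient, fn, when)
        print(f"{staff.staff_id:10} {fn:18} {'GRANTED' if granted else 'REFUSED'}: {reason}")
```

The order of the two checks matters for the audit trail: refusing on the role first means a request for a function the role never holds is recorded as a role failure rather than as a probe for whether a contact exists, so the log distinguishes misconfigured roles from staff looking at patients outside their care. The `ends` field is what makes the maintenance task the abstract mentions non-trivial: contacts must be closed on discharge or transfer, or the second layer silently degrades to the first.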