Disaster easily averted? – Data confidentiality and the hospital desktop computer

https://doi.org/10.1016/j.ijmedinf.2014.02.002

Highlights

  • Patient confidentiality is vital.

  • Hospital staff are poor at securing data on the desktop computer.

  • Training and awareness can only improve matters so far.

  • Systemic changes are required to prevent disasters.

Abstract

Objective

We specifically identified the hospital desktop computer as a potential source of breaches in confidentiality. We aimed to evaluate whether accessible, unprotected, confidential information was stored on the desktop screen of computers in a district general hospital and, if so, how a teaching intervention could improve the situation.

Design

An unannounced spot check of 59 ward computers was performed. Data were collected regarding how many had confidential information stored on the desktop screen without any password protection. An online learning module was mandated for healthcare staff and a second cycle of inspection performed.

Setting

A district general hospital.

Participants

Two doctors conducted the audit. Computers in clinical areas were assessed. All clinical staff with computer access underwent the online learning module.

Intervention

An online learning module regarding data protection and confidentiality.

Results

In the first cycle, 55% of ward computers had easily accessible patient or staff confidential information stored on their desktop screen. This included handovers, referral letters, staff sick leave lists, audits and nursing reports. The majority (85%) of computers accessed were logged in under a generic username and password. The intervention produced an improvement in the second cycle findings with only 26% of computers being found to have unprotected confidential information stored on them.

Conclusions

The failure to comply with appropriate confidential data protection regulations is a persistent problem. Education produces some improvement but we also propose a systemic approach to solving this problem.

Introduction

Privacy is the right of an individual not to have their personal information exposed while confidentiality is limiting access to information to authorized individuals only [1]. In the context of a hospital, confidentiality is the principle of keeping secure and secret from others information given by or about an individual in the course of a professional relationship [2]. In keeping with the General Medical Council (GMC) Good Medical Practice guidelines, patients are entitled to expect that information about them will be treated and held in confidence by their doctors [3]. Failing to maintain confidentiality damages the doctor–patient relationship and is an ever-increasing source of complaints. The UK Information Commissioner's Office reported 12,985 data protection complaints during the year 2011/12 (with 10% being generated from the health sector) [4]. The US Department of Health and Human Services reported 9032 Health Information Privacy complaints in 2011 [5].

The Data Protection Act (DPA) of 1998 sets out eight principles for securely managing personal information [6]. While it does not articulate specific measures to be taken for compliance to be achieved, there are published standards for best practice in this area (see Table 1) [7]. The Information Commissioner's Office has the power to prosecute and to issue fines of up to £500,000 to organizations found in breach of the Data Protection Act. A specific example is the £325,000 penalty notice served on Brighton and Sussex University Hospitals National Health Service (NHS) Trust following the discovery of personal patient data on hard drives sold on an internet auction site [4].

We identified the hospital desktop computer as a potential source of breaches in confidentiality. Regarding the storage of information, the NHS Code of Practice states: “It is essential, if the legal requirements are to be met and the trust of patients is to be retained, that the NHS provides, and is seen to provide, a confidential service” [8]. The hospital desktop computer is regularly sited in an open area accessible to all staff, patients and visitors. It is a ubiquitous piece of equipment in the modern workplace and essential to patient care in both primary and secondary care.

Concerns over maintaining confidentiality of patient information have been long-standing. In 1997 the Caldicott Report highlighted six key principles [9]:

  1. Justify the purpose(s) for using/transferring confidential information

  2. Only use patient identifiable information when absolutely necessary

  3. Use the minimum necessary patient identifiable information

  4. Access to patient identifiable information should be on a strict need-to-know basis

  5. Everyone must understand his/her responsibilities

  6. Understand and comply with the law

The legal requirements are laid out in the DPA. The fifth data protection principle in Schedule 1 states that “personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes” [6]. In this case this refers to the keeping of previous handover documents. These documents contain patient identifiable information which is of no clinical use once the document is out of date, and they should be erased on a daily basis.

The seventh data protection principle in Schedule 1 states that “appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data” [6]. The storage of unprotected patient identifiable information on the desktop screen is a failure to take appropriate measures to protect sensitive data. The bare minimum of password protecting any file containing patient identifiable information would meet the legal requirements. It is only a minimum: a document password typed on a ward computer that is itself logged in under a shared account is easily passed around, and the legacy Office formats (.doc, .xls) use weak encryption, so file passwords complement individual logins and daily deletion rather than replace them.

We aimed to evaluate whether there was accessible unprotected confidential information stored on the desktop screen on computers in a district general hospital. If this was the case we also wanted to assess the effect of an educational intervention on staff compliance with data protection.

Section snippets

Materials and methods

The project was registered with the local clinical governance department (no. ENT07c11). On a single day, an unannounced spot-check of 59 desktop computers was performed. This was conducted across 30 wards and 1 discharge lounge (see Table 2). Two doctors assessed the computers (a Foundation Year 1 doctor and a General Practice Specialty Trainee Year 2 doctor). Each computer was assessed to see whether it was switched on and, if so, whether it was already logged in with the desktop viewable.
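The spot check above was done by hand. As an added example that is not part of the paper, the following Python script automates the two checks the preceding sections describe: whether documents left on a desktop are password protected (the seventh principle) and whether out-of-date handover documents have been erased (the fifth principle). The file-signature rules, folder layout, one-day retention window and the sample files it builds are assumptions for illustration, not anything the authors used.

```python
"""Automated sweep of a ward desktop folder (added example, not from the paper).

Assumed detection rules, based on how common formats store a password:
  * .docx/.xlsx/.pptx: an unprotected file is a ZIP container (starts "PK\x03\x04");
    a password-protected one is an OLE compound file (starts D0 CF 11 E0 ...)
    wrapping the encrypted package.
  * .pdf: a password-protected file carries an /Encrypt entry in its trailer.
  * legacy .doc/.xls/.ppt: OLE either way, so the header alone cannot tell;
    reported as "unknown" rather than guessed.
  * anything else (txt, csv, rtf): has no in-format password, so "no".
"""
import os
import tempfile
import time
import zipfile
from dataclasses import dataclass

ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
OOXML_EXT = {".docx", ".xlsx", ".pptx"}
LEGACY_EXT = {".doc", ".xls", ".ppt"}


@dataclass
class Finding:
    path: str
    protected: str   # "yes", "no" or "unknown"
    age_days: float
    stale: bool      # older than the retention window


def classify(path):
    """Return whether the file appears password protected, from its bytes."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as f:
        data = f.read()  # whole file; a large-PDF scanner would seek to the trailer
    if ext in OOXML_EXT:
        if data.startswith(ZIP_MAGIC):
            return "no"
        if data.startswith(OLE_MAGIC):
            return "yes"
        return "unknown"
    if ext == ".pdf":
        return "yes" if b"/Encrypt" in data else "no"
    if ext in LEGACY_EXT:
        return "unknown"
    return "no"


def sweep(desktop, max_age_days=1.0):
    """Walk the folder; flag unprotected files and files past the retention window."""
    now = time.time()
    findings = []
    for root, _dirs, files in os.walk(desktop):
        for name in files:
            p = os.path.join(root, name)
            age = (now - os.path.getmtime(p)) / 86400  # modification time is a heuristic
            findings.append(Finding(p, classify(p), age, age > max_age_days))
    return findings


def sweep_by_name(desktop, max_age_days=1.0):
    return {os.path.basename(f.path): f for f in sweep(desktop, max_age_days)}


def unprotected(findings):
    return [f for f in findings if f.protected == "no"]


def build_sample_desktop():
    """Constructed sample data, not real documents: an unprotected .docx (a ZIP),
    an encrypted .docx (OLE header), an encrypted PDF and a week-old plain-text
    handover with a fictitious entry."""
    d = tempfile.mkdtemp(prefix="ward_desktop_")
    with zipfile.ZipFile(os.path.join(d, "handover_tue.docx"), "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
    with open(os.path.join(d, "referral.docx"), "wb") as f:
        f.write(OLE_MAGIC + b"\x00" * 504)
    with open(os.path.join(d, "sick_leave.pdf"), "wb") as f:
        f.write(b"%PDF-1.4\ntrailer\n<< /Encrypt 5 0 R >>\n%%EOF\n")
    old = os.path.join(d, "handover_last_week.txt")
    with open(old, "w") as f:
        f.write("Bed 4: (fictitious patient) awaiting discharge\n")
    week_ago = time.time() - 7 * 86400
    os.utime(old, (week_ago, week_ago))
    return d


if __name__ == "__main__":
    for f in sweep(build_sample_desktop()):
        print(f"{os.path.basename(f.path):24} protected={f.protected:8} "
              f"age={f.age_days:4.1f}d stale={f.stale}")
```

The signature check is deliberately conservative: it never claims a legacy .doc is protected, because the header looks identical either way. A real audit would also have to answer the question the authors found most often (85% generic logins), which is an operating-system question (which account is interactively logged in, when the screen last locked), not a file question.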

First cycle

Fifty-nine computers were assessed. Five were switched off while 3 were being used and were switched off when finished with by the user. Overall, 28/51 (55%) computers had confidential information on the desktop that was visible on the desktop screen and easily accessible without any form of password protection. In most cases this information related to patients, however in 11/70 (16%) the information related to staff (see Fig. 2). The majority of confidential patient information was contained

Discussion

The widespread practice of using a generic username and password to log in to ward computers is something to be strongly discouraged as is the sharing of personal login information. Access to computers is often an essential part of healthcare staff's daily work and as such, there is great pressure upon staff to be able to use the computers immediately.

There is also a common misconception that such access is a difficult and prolonged process. Locally, computer login access is obtained by the

Conclusions

As technology advances, we become ever more reliant on computers to store confidential information. This audit identifies both human and systemic flaws that lead to potential failures in maintaining confidentiality. Education about this problem and the ease with which it can be solved has produced an improvement. The system approach we have suggested here should be used in addition to the educational intervention to achieve 100% compliance with data protection.

Integrity statement

All authors had full access to the data and take full responsibility for the integrity of the data and accuracy of the analysis.

Ethics statement

Ethical approval was not required for this study.

Funding statement

No funding was obtained for this study.

Transparency declaration

The lead author affirms that the manuscript is an honest, accurate, and transparent account of the study being reported; that no important aspects of the study have been omitted; and that any discrepancies from the study as planned (and, if relevant, registered) have been explained.

Data sharing

No additional data available.

Author contributions

Mr. Neeraj Sethi supervised the work. He also analysed the data apart from writing the manuscript. Dr. Gethin Lane and Dr. Sophie Newton collected and analysed the data. Mr. Philip Egan edited the manuscript. Mr. Samit Ghosh conceptualised, supervised, and edited the article.

Competing interests

There were no competing interests from any author. All authors have completed the Unified Competing Interest form at www.icmje.org/coi_disclosure.pdf (available on request from the corresponding author) and declare that NS, GL, SN, PE, SG have no non-financial interests that may be relevant to the submitted work.

Summary points

What is already known?

  • Failure to maintain confidentiality is an ever-increasing source of complaints for the health service.

  • The hospital desktop computer represents a

References (14)

  • A. Ferreira et al. Access control: how can it improve patients’ healthcare? Stud. Health Technol. Inform. (2007)

  • General Medical Council. Confidentiality Guidance (2009)

  • General Medical Council. Good Medical Practice (2013)

  • Information Commissioner's Office. Information Commissioner's Annual Report Summary 2011/2012 (2013)

  • US Department of Health & Human Services. Health Information Privacy Complaints Received by Calendar Year 2011 (2012)

  • The Data Protection Act 1998 (2013)

  • British Standard. BS10012 Data Protection. Specification for a Personal Information Management System (2009)

There are more references available in the full text version of this article.

Cited by (8)

  • On the Use of XML in Medical Imaging Web-Based Applications

    2017, IRBM
    Citation excerpt:

    The main goal is to create security architectures that have been mainly designed for providing authentication and authorization services in web-based distributed systems. Most of the recent contributions are focused on authentication and data encryption but few works are focused in the anonymization of the medical data [38,50,51]. It is evident that most of the anonymization systems are applied directly to the DICOM protocol after the acquisition process.
