To ask the Secretary of State for Health
(1) what provision there will be for the care record system to be shared with private sector providers undertaking NHS work;
(2) what safeguards will be put in place by the national programme for IT to ensure information cannot be shared with organisations outside the NHS.
The NHS Care Records Service (NHS CRS) will incorporate stringent security controls and safeguards to prevent unrestricted or uncontrolled access to personal information. Access will only be available to authorised national health service healthcare professionals who must be registered and authenticated users of the NHS CRS. They must have a legitimate relationship with the patient, that is they must be directly involved with the delivery of their care and have a 'need to know' relevant to that role. A record will be kept of everyone who accesses a patient's record and alerts will be raised if anyone tries to access a record in contravention of predetermined system rules.
Breaches of confidence by staff working within or under contract to NHS organisations, or inappropriate use of health records or abuse of computer systems, may lead to disciplinary measures, bring into question professional registration, and possibly result in legal proceedings.
Where an NHS patient is referred for treatment to a private sector healthcare provider, or in another European Union state, relevant information will be made available where appropriate through the existing request mechanisms, but access to the information on the NHS CRS will be under exactly the same stringent conditions.