Electronic patient records are no different from paper records in terms of their content and legal status. However, particular considerations affect the security, confidentiality and information sharing arrangements for electronic records.
The policy and principles governing access to patient information, and obligations and standards governing its use applying to staff working within or under contract to national health service organisations are contained in the document "Confidentiality: NHS Code of Practice" published in November 2003. Breaches of confidence, or inappropriate use of health records or abuse of computer systems, may lead to disciplinary measures, bring into question professional registration, and possibly result in legal proceedings.
The care record service (CRS) being introduced through the national programme for information technology in the NHS is incorporating stringent security controls and safeguards that will ensure that there is more control over who has access to their information than is possible with existing systems. Under the NHS, CRS patients will also have the right to define some information as especially sensitive and only accessible under terms of explicit consent. This reinforces the key statutory safeguards set out in the Data Protection Act 1998, with which all information users must comply.