The main subject of medical privacy is the 'medical record' which historically has been a paper file of the entire medical history of the patient. Various electronic forms of medical records have existed in western countries, but mostly in an unintegrated fashion. This lack of integration has in a large part facilitated privacy. While the patient's general practitioner (GP) often generates and holds much data, copies can end up being produced at hospitals and other care facilities - often resulting in medical errors.

United Kingdom

By 1999, 62% of the National Health Service (NHS) trusts used electronic records, to some degree.

In 2003 the NHS has taken moves to create a centralised electronic registry of medical records. Its privacy is protected by the UK's Government Gateway, built by Microsoft. The programme is called Electronic Records Development and Implementation Programme (ERDIP). The NHS National Programme for IT has been criticised for its lack of security and lack of patient privacy. It was one of the projects that has caused the Government's own Information Commissioner to warn that there is a danger of the country "sleepwalking" into a surveillance society. Pressure groups opposed to ID cards are also campaigning against the centralised registry.

Privacy is based on patients' rights in the UK, flowing from the European Convention of Human Rights through the Data Protection Act (DPA) in the UK. The opposing point of view that access is on a 'need to know basis' is not legal, it is the patient who must grant access.

United States

See: Health Insurance Portability and Accountability Act of 1996

In the USA, the Medical Information Privacy and Security Act (MIPSA) is the new development. It contains important provisions requiring accesses to generate an audit trail, and for patients to be able to partition their data so that for example genetic information is not revealed when they go for a flu shot. Individuals have a right to access, copy, edit and augment their information.

New Zealand

In New Zealand, the Health Information Privacy Code (1994) sets specific rules for agencies in the health sector to better ensure the protection of individual privacy. The code addresses the health information collected, used, held and disclosed by health agencies. For the health sector the code takes the place of the information privacy principles.

External links

• European Standards on Confidentiality and Privacy in Healthcare
• Opt out of the NHS Spine, or the NHS Confidentiality campaign