Data security - Disclosing patient data by phone

Be on your guard over maintaining data security and patient confidentiality, says Dr Neil Paul.

Neil Paul

A hot topic this month is the furore about hackers targeting minor and major celebrities' and politicians' mobile phones.

Not only has this brought data security back into the news, it has also shown that not all data loss is accidental. Some clever individuals have obtained personal data by foul means.

But what has any of this got to do with GPs?

The black arts
According to a story called 'Masters of the black arts' (The Guardian, 10 July), there are private investigators specialising in obtaining individuals' medical information over the phone.

The favourite method is posing as A&E department staff members ringing GPs for information about a 'critically-ill patient' and asking them to read out the patient's medical record. Apparently, most GPs comply.

You might think you would recognise the name of a celebrity registered with your practice and think twice about giving their details. But would you know the name of a patient who has won an award for charity work that rogue reporters are trying to dig the dirt on? Or of a patient who has just been arrested for serious crimes?

While a really determined hacker can use all sorts of kit to listen in to signals, break encryption and clone phones, most books on hacking agree that the most successful ways of gaining information are by exploiting people's laziness and by bluffing them into giving the information or password.

Particularly with laptops and mobile phones, it is important to use passwords and PIN numbers to lock them.

Although unlocking your mobile for the umpteenth time in a day can be a pain, just think of the trouble its theft would bring.



Do

  • Have a list of 'safe haven' fax numbers you can send data to securely. Make sure any fax number you use is one of them.
  • Ensure staff and others read and sign your security/confidentiality policy.
  • Ask visitors to sign in and use badges.
  • Lock rooms and computer terminals when not in use.
  • Use security levels (if available) to restrict access to parts of the system to specific individuals only.
  • Ask people you don't know for ID even if they look official or have an NHS badge.
  • Teach colleagues/staff to use hard-to-break passwords or pass phrases.

Do Not

  • Give out patient information to callers you do not know. Ring back on a number you have independently verified.
  • Write down passwords anywhere insecure.

Inspired work
Most mobile networks have a number that you can ring from a landline to check voicemail.

This can be exploited by hackers who ring their victim at a time when they think the person would be unaware of the call, and then try several default PIN numbers (such as 0000 or 1234) or make inspired guesses using dates of birth and so on.

This, it is claimed, enables hackers to get into people's accounts to listen to messages.

Be sure to activate a voicemail PIN after changing it from the default to a 'hard-to-crack' PIN.

Being able to wipe all the data from a lost mobile remotely would help. But this is only available with one make so far.

  • Dr Paul is a GP in Cheshire
