This is a clearly written, well structured book that explores the challenges involved in maintaining the confidentiality of medical records. It is written by Heida Tranberg, a lawyer who specialises in intellectual property, information technology and privacy issues, and Dr Rashbass, previously a consultant in histopathology and now director of the Clinical and Biochemical Computing Unit in the University of Cambridge.

Five of the 10 chapters address questions and the answers provided are far from clearcut. For example, the authors start by asking: “Is there a medical privacy crisis?” They write that it is difficult to assess whether or not privacy is really under more threat today than ever before, but that many people perceive this to be the case. As evidence they cite the results of surveys undertaken mostly in the USA and Australia. However, it then transpires that, in these surveys, data protection did not promote strong spontaneous feelings—it emerged as a concern when people were prompted.

With paper health records handled millions of times a day (the authors quote data from the USA showing that in a single hospital admission the case records are handled by 150 people), it is interesting to read that there are relatively high numbers of medical negligence claims yet very few cases dealing with breaches of medical privacy. Numbers are not provided and the reference is to a contribution to a debate by Community Health Councils to the British Medical Informatics Society 4 years ago.

It is interesting to speculate whether confidentiality was raised as an issue when the surgeon, Ernest Codman, devised a medical records system for the Massachusetts General Hospital 100 years ago. For the first time there were moderately accurate and transparent records of the outcome of surgical interventions. I suspect that it was the doctors rather than the patients who were alarmed at this accumulation of information. Be that as it may, Dr Codman lost his job as a result of his efforts to gather and store information.

Other chapters that pose questions relate to consent, technology, how medical information should be treated, and the disclosure of records for legal proceedings. The issues raised are explored comprehensively and the arguments tightly addressed. This reader was grateful for the summaries at the end of each chapter. The potential benefits of an effective electronic record system are enormous—ask any hospital doctor struggling through a clinic with incomplete case records (and sometimes without any case record at all) or a GP coping with a patient recently discharged from hospital without accompanying information. One can understand the well meaning statement that “the benefits are only considered to outweigh the risks if appropriate privacy safeguards are in place”. But the authors do not attempt to define “appropriate”. Clearly, there are risks that people inside the system might misuse information that they are able to access quickly and easily, but one has to ask to whom would that information be of value—potentially insurance companies, the police, private investigators and possibly employers—but would they really use an internal mole? On the other hand, the information technologists will wish to make their systems as secure as possible against external interference because it is almost certain that hackers would be more likely to damage the system than to gain much valuable information.

The authors also explore the less controversial issues of personal access to records, public interest, research interests, anonymous information, and the Freedom of Information Act. They provide useful flowcharts that take the reader through the process of obtaining information from computerised health records while satisfying the requirements of the Data Protection Act and, from the other side of the fence, coping with requests for information balancing the requirements of Freedom of Information against Data Protection.

The final chapter suggests a way forward and explores three key principles: transparency, anonymous information, and consent. The authors are cautiously optimistic about the way in which the NHS is setting out its plans to develop and use patient information safely and effectively. Their closely argued contentions are likely to be of considerable help in taking these issues further. Meanwhile, we can only hope that the billion pound NHS data project will not suffer the fate of some other large information technology projects such as those inflicted on the Passport Office and Inland Revenue.