An IT manager with the NHS faces the possibility of going to jail after it was discovered he illegally accessed the records of friends, relatives and colleagues. During his tenure as an IT manager he accessed 431 records.
John Fitzsimmons, director of performance, governance and informatics for NHS Hull, said Trever’s actions were a serious breach of trust. He welcomed the fact a successful criminal prosecution has been brought and that a custodial sentence is being considered.
Mr Fitzsimmons claims this sends out a powerful message to NHS staff and the healthcare community about the importance of data protection. Even so, the approach the NHS is taking here is the wrong one, as staff could find ways to mask their IDs or use ghost IDs to access medical records.
The NHS is known for its high rate of data breaches and is unable to take the necessary steps to stem the flow of these data leaks. With the current government spending cuts, expect the number of data breaches to rise significantly.
The NHS cannot continue to depend on staff trust and on compliance with the data protection policies in place to stay compliant. There are tools, like enterprise rights management, that can help enforce data protection, making sure that medical records can only be accessed by designated persons.
Even when records are transferred to another NHS authority, it can be done electronically at minimum cost using enterprise rights management, which prevents snooping because it provides persistent security for documents while in use, in transit and at rest.
In conclusion, the government needs to invest in enterprise rights management or similar tools to restore public confidence in the NHS's ability to protect our medical records no matter where they are located.
Deploying enterprise rights management to protect medical records is the logical way forward to stem the number of data breaches in the NHS. The earlier this is recognised, the better it would be for the stakeholders involved.