NHS database awaits legal diagnosis

Government IT projects have a pretty poor reputation. They turn up late, cost twice as much you expect, and don't work when they arrive. But the NHS looks set to go one better. Legal experts are warning that its £6bn database could actually breach your human rights.

The idea of the database sounds sensible enough. Each patient will have a single record, detailing their medical history, allergies and any medication they're on. Doctors should thus have all the information they need to treat them, whether they're in Plymouth or Penrith.

It's a nice theory, but critics are fretting about data security. Tens of thousands of NHS staff will have access to the database. It would only take a couple of them to create data losses of tabloid headline proportions. "The real test will be whether Leo Blair's

vaccination records ever go on," says healthcare IT expert Richard Gunn. "Because 30 seconds later the papers will know whether he had the MMR."

Now campaigners say a judgment from the European Court threatens the entire project. The ruling concerned a Finnish nurse who lost her job after colleagues discovered she was HIV positive. The hospital argued that, by punishing those who'd misused her records, it had done all it could to protect her. Nonsense, the court replied. Instead it demanded measures which "exclude any possibility" of a breach occurring in the first place.

This could have big implications for the NHS database. While it's packed with security measures, most of them involve deterring and punishing misuse, rather than actively preventing it.

Staff will only be allowed to look at the details of patients they're treating; they'll need a 'smartcard' and password to log in; and there'll be a record of every time they do, so that abusers can be caught. But