Managing hospital databases: can large hospitals really protect patient data?

Abstract

Between 1998 and 2003 a number of European countries, the UK, Canada, Australia and the US all introduced data privacy legislation that sought to comply with the European Data Privacy Directive of 1995 in protecting the privacy of individuals undergoing treatment in large hospitals. In 2004 we find that hospital administrators within these jurisdictions are still struggling to find ways to implement and maintain hospital databases while complying with the given legislation - where compliance seems to require a whole new approach to database management. This research examines the UK Data Protection Act 1998 and considers whether current database management systems allow the EU Directives contained in the Act to be followed in practice. It finds a number of recurrent problems with hospital systems that would make compliance with the Act difficult. These findings have significant implications for hospital information systems development and design.