Yesterday saw a rapid response on the BMJ website reporting that attempts to get personal health information on 51 patients (at 45 general practices) by phoning up with a plausible excuse succeeded in almost all cases – 50 of the 51.

I have raised this issue with the Department again and again. The first time was in 1996 when an exercise at the N Yorks Health Authority, conducted by Alan Hassey for the BMA, detected 30 false-pretext phone calls a week. We (I was advising the BMA at the time) asked the then CMO Sir Kenneth Calman to introduce decent operational security procedures throughout the NHS. He not only refused – we learned that the NYHA were ordered to stop cooperating with us. This is described in the relevant chapter in my book. Most recently, I discussed this issue with David Nicholson, Richard Granger and Harry Cayton at an NHS conference early least year; they did not accept that there was a problem, or at least not any more (the line as I recall it was that smartcards would fix it). Yet the problem clearly remains. Unless you train your staff not to blab out patients’ information on the phone, they usually will blab them out – to anyone who pretends to have a ‘need to know’.

The BMA’s annual representative meeting supported patients who opt out; it also called for a halt to development of the care records service and backed a motion expressing no confidence in the government’s ability to store patient records safely.