Search tips
Search criteria 


Logo of jrsocmedLink to Publisher's site
J R Soc Med. 2004 September; 97(9): 455.
PMCID: PMC1079603

Lack of confidentiality with the Picture Archiving and Communication System (PACS)

Within a few months after the introduction of PACS in our trust for viewing and storing radiology images we noticed two very distinctive images being accessed recurrently in our department. These were accessed mainly by staff from other departments who were demonstrating the abnormalities to groups of onlookers. The first image is of a priapic penis. The second shows a massive vibrator in a patient's colon. Both the images have had measurements taken and the virtual rulers have been left across the images.

Our NHS trust extends over two separate hospital sites. The second patient never attended our hospital site; he was treated at the adjacent site. Both these images are freely available for viewing across both sites by means of PACS. It has become apparent that the names of these patients are known to a wide variety of medical, nursing and ancillary staff from various specialties across the two hospital sites.

From access records obtained by our information technology department we found, for the three PACS terminals in our emergency department (ED), the first patient's images had been viewed on 9 instances by 5 different users, whilst the second patient's images had been viewed on 16 instances by 10 different users. These figures are an underestimation of the number of times these images are downloaded as the PACS system is also aligned to the world-wide-web browser; web-based viewings cannot be counted and are untraceable to user.

We took several steps to decrease the chance of recurrence. Notices were put on all the computer terminals reminding users to log out after each episode. We informed all users of the terminals that we were able electronically to ascertain what images they were accessing. The doctors who were known to have downloaded these images in the ED were asked by a consultant whether they believed they were acting in the best interests of patient care and whether they believed they were upholding the patient's confidentiality. They were reminded of the Caldicott principles.1 Since these procedures have been put into place only one similar episode has occurred to our knowledge.

The advantages of PACS and similar systems are ease of access and immediate sharing of data and images that can result in better patient care.2 With an electronic system, images can be viewed trust-wide, on any terminal, at any time. From the initial impulse to download an image to actually looking at the image takes only a few seconds; if you remember the name you can find the image. With hard copies, the effort involved in finding the radiograph gives time for the clinician to reflect whether there is a need to share the information; hard copies can only be in one place at any one time. They tend to stay with the patient and the team looking after the patient, and are filed away when the patient is discharged.

Some work has been published on the confidentiality of computer-stored medical information.3 With specific reference to radiographs stored on a web-based system such as PACS much effort has gone into ensuring that the information is secure. In relation to the instances at our trust illustrated above, we find that simply using passwords and usernames to access medical information may not be enough. The mere knowledge of a patient's name is sufficient information to enable anyone logged onto the system to access all imaging for that patient. With the advent of systems to make more medical information available this worry becomes increasingly pertinent across other fields.

Medical information should be handled discreetly and in such a way that patient information is fully protected.4 The Caldicott Report,1 published in 1997, made several recommendations aimed at protecting such information:

Justify the purpose(s) of using confidential information

Only use it when absolutely necessary

Use the minimum that is required

Access should be on a strictly need-to-know basis

Everyone must understand his or her responsibilities

Understand and comply with the law.

Nothing can guard against the voyeuristic nature of human beings. However, the use of information technology and digital web-based information systems being brought into use nationally throughout all NHS trusts5,6 brings into question how to ensure that patients' personal information is accessed only by those who 'need to know', with utmost respect for confidentiality.

Names and addresses supplied*


*The JRSM waived its usual rule against anonymity because the authors wished to make a general point without embarrassing local colleagues or their hospital trust—Editor


1. Department of Health. The Caldicott Committee—Report on the Review of Patient Identifiable Information. London: DoH, 1997. []
2. Muller H, Michoux N, Bandon D, Geissbuhler A. A review of content-based image retrieval systems in medical applications—clinical benefits and future directions. Int J Med Inf 2004;73: 1-23 [PubMed]
3. Hodges JG Jr, Gostin LO, Jacobsen PD. Legal issues concerning electronic health information: privacy quality and liability JAMA 1988; 282: 1466-71 [PubMed]
4. Department of Health. Confidentiality—NHS Code of Practice. Final Report London: DoH, 2003. []
5. Wanless D. Securing our Future Health: Taking a Long Term View. London: HM Treasury, 2002. []
6. Department of Health press release. New electronic X-rays and scans will mean faster diagnosis for patients. 20 May 2004. []

Articles from Journal of the Royal Society of Medicine are provided here courtesy of Royal Society of Medicine Press