Electronic health records have become essential tools for the support of medicine. At one time, access to these records was limited to within the boundary of a health service organisation; increasingly, use is extended beyond this boundary. This extended use presents a security challenge in the management of patient consent and confidentiality. Practical examples of shared health records can be seen in the UK National Health Service, where there have been significant recent investments in IT systems. The goal of this dissertation is to analyse the UK legal framework for consent and confidentiality and, using this, identify shortcomings in current arrangements. A security policy and model are then developed based on Clark-Wilson, and conclusions are drawn from comparison of this model with these developments.