Doctors' letter to police: full text
Updated on 08 May 2006
The full text of the letter sent to the Met calling for a criminal investigation into the leaking on to the internet of junior doctors' data.
Dear Sir Ian,
We are writing in relation to the alleged mishandling of sensitive personal data of medical students and junior doctors by the Department of Health.
We believe there have been serious breaches of the Data Protection Act that could potentially compromise public safety and pose specific risks of financial exploitation and harassment to medical students and junior doctors.
We are uncertain whether the circumstances surrounding this amount to criminal negligence by the Department of Health and associated agencies, but have concerns that such alleged mishandling of personal data may make it possible for unscrupulous individuals to utilise this data for criminal purposes.
Criminal investigation
We believe this may justify a criminal investigation by the Metropolitan Police because of the issues outlined below. Copies of this letter have also been sent to the Director of Public Prosecutions and the Information Commissioner.
There has been considerable media coverage of the Medical Training Application System (MTAS) in recent months. MTAS was set up in October 2006 to process job applications for medical students and junior doctors across the UK.
In January 2007, more than 30,000 junior doctors applied through MTAS for specialty training posts in the NHS. MTAS and its associated recruitment program have been widely criticised and are currently subject to an investigation of breaches of employment legislation.
A Judicial Review is due to take place on 16th and 17th May 2007.
On Thursday 26th April 2007, Channel 4 news reported that sensitive personal data relating to medical students was freely available on the MTAS website.
Data included mobile telephone numbers, email addresses, home addresses, religion, sexuality and spent criminal convictions all compiled in spreadsheet format. Furthermore, allegations have been made by independent internet security experts that basic security measures were omitted from the system.
According to Channel 4 news' technology correspondent Benjamin Cohen, applicants' details could be accessed by manually altering the URL code.
It remains unclear to what extent these allegations are verifiable. Health Minister Lord Hunt dismissed the problem as a "malicious leak" on Thursday 26th April, despite instances being highlighted months ago by organisations such as the Orthopaedic Trainees' Association and other doctors' groups.
There is no evidence available to us that these issues were given due consideration or were acted upon accordingly.
Indeed, on the Department of Health's Modernising Medical Careers (MMC) website, a section on Frequently Asked Questions relating to MTAS dated March 2007 states:
"Is MTAS secure? (March 2007)
The BMA have raised concerns about the security of the service. We are pleased that people are being vigilant and reporting any concerns quickly.
All allegations of improper use of the service will be investigated and appropriate action taken. The MTAS service provides a clear on-line audit trail to aid investigation. We will investigate, and can readily identify, any misuse of the service that is reported.
If there is any evidence to suggest that this is the case, we will notify the relevant Postgraduate Dean who will be expected to take action. If relevant, a referral may be made to the GMC."
This statement appears to suggest that not only were the security concerns acknowledged at least a month before the aforementioned media coverage, but the main security threat was perceived to originate from breaches of the Computer Misuse Act by other doctors.
Junior doctors and medical students are outraged that their concerns were not subject to more concerted deliberation. It would seem pertinent to ask why MTAS was only taken offline when these security concerns were exposed by a mainstream news program.
Aside from feeling personally violated, we recognise that dissemination of medical students' and junior doctors' sensitive personal data presents specific risks to vulnerable individuals.
We thus feel it would be in the public interest to investigate this case. We understand the Information Commissioner is compiling a report on this issue and related matters of internet security and is due to present it to a cross party committee of MPs in due course.
We welcome this investigation but are concerned that this will fall short of investigating the particular issues we have identified. We are additionally concerned that matters of sensitive personal data dissemination may have been minimised in the past few months as well as during the planning and implementation stages of the MTAS site development.
Grave worries
We have grave concerns that the sensitive personal information made available may fall into the wrong hands and be used maliciously.
It is well recognised that determined individuals have impersonated medical professionals in the past and put patient safety at risk (Hansard - written answer 76616 - Impersonation of Doctors - 4th Nov 2002). Sensitive personal data could be utilised for Criminal Records Bureau authorisation as a means of working with vulnerable children and adults.
The worst case scenario is that child sex offenders may gain access to settings such as paediatric wards, GP surgeries and other healthcare settings because they have stolen the identity of a junior doctor or medical student.
Whilst we cannot prove this is occurring, the wide media coverage and ease with which the data has filtered into the public domain would present ample opportunity for criminals to utilise this information for their own deviant purposes. Clearly, this would be conducted with discretion and without immediate public knowledge.
The Secretary of State for Health, Rt Hon Ms Patricia Hewitt, stated to the House of Commons on Tuesday 1st May 2007 that only 21 'hits' were recorded within the alleged security breach window relating to the spreadsheet data of medical student applicants. We fear there may be a more systemic and longstanding failure of identity protection as highlighted in correspondence from preceding months.
We also have concerns about the welfare of junior doctors and medical students in relation to this issue.
Firstly, there is substantial evidence borne out in convictions for harassment and from empirical research that health care professionals are subject to higher rates of stalking and harassment than the general public (American Journal of Psychiatry 1998, British Journal of Psychiatry 2006, Medical Journal of Australia 2002).
Psychologically disturbed individuals focus their stalking behaviour on health professionals for a variety of reasons. Junior doctors and medical students are aggrieved about the putative security inadequacies as it appears unclear whether this risk was given due consideration when constructing the MTAS security system.
Personal details
Doctors are assiduous in protection of their personal details. For instance, many doctors refuse to register their home addresses with the General Medical Council because they fear the consequences of allowing personal details to be easily accessible.
Arguably, this instance may contravene Article 8 of the Human Rights Act for the Right to Respect for Private and Family Life.
A further consideration is that of identity theft for pecuniary purposes. Junior doctors present a soft target for identity theft criminals and particularly those with information technology expertise. The sensitive personal data made available could be utilised for fraudulent activities and exploit the relatively favourable credit histories of junior doctors.
We trust this information will be given due consideration in what has been a distressing time for junior doctors and medical students. We feel that a police investigation may be warranted because of the issues of public protection outlined above.
We additionally posit that a detailed investigation into the planning, implementation and fallout of MTAS would be justified because of concerns about possible minimisation of or lack of attention paid to sensitive personal data dissemination.
Many individual junior doctors and medical students would be willing to make statements on this issue. This is accompanied by a consensus within the medical profession of feeling inadequately reassured by the Department of Health's response.
We submit that everything written here is true and accurate to the best of our knowledge. Please do not hesitate to contact us if you have any further queries.
