skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view


During my mother-in-law's recent stay in a UK hospital, it was business as it always has been as the hospital breached the new General Data Protection Regulation (GDPR) by placing patient medical records at the end of the beds where they could be viewed by all visitors to the ward and by other patients.

Hospitals must adapt in order to comply with GDPR or face fines

GDPR is not just relevant to enterprises that handle personal information; it also applies to public sector bodies, including hospitals. Any information that identifies individuals must be kept secure, but in the case of hospitals, that information also includes details of medical conditions and treatments. In the past, medical records were stored on the ends of the beds of patients so the medical staff had easy access to them. Although this is changing as hospitals modernize, the pace of change is slow in some hospitals and needs to accelerate. Patients have the same rights to data privacy as any other person conducting business with a company or service provider. Once patients are discharged, their records must be removed immediately. That is not always the case, however, and records can remain at the end of an empty bed for some hours after a patient has been discharged.

If medical records need to be stored at the foot of beds to allow staff easy access, then they must be stored in a way that members of the public are not able to view them, perhaps in lockable folders that only staff can open. Hospitals, like any organization, should be reducing paper volumes by moving to electronic methods of recording information, but the cost of providing sufficient electronic devices on which to store patient data may be too high. Any initiative to keep medical records secure will undoubtedly cost money at a time when the National Health Service in the UK is under pressure, but the protection of patient data and compliance with GDPR is paramount. Cultural change is needed to ensure that hospitals manage patient records in an appropriate fashion.


Further reading

"Failing to capture paper documents increases risks for enterprises," INT002-000075 (February 2018)


Sue Clarke, Senior Analyst, Data and Enterprise Intelligence

Recommended Articles


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team: +44 7771 980316

Asia-Pacific team: +61 (0)3 960 16700

US team: +1 212-652-5335

Email us at

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now