There is a public interest in maintaining confidentiality in all interactions between patients and healthcare professionals and there needs to be strong justification for breaching this without patient consent. On the other hand there is a strong presumption of sharing health information between healthcare professionals responsible for the care of individual patients including the patient's general practitioner. However genitourinary medicine services have always had a different view of patient confidentiality; in order to encourage attendance and prompt treatment of sexually transmitted infections (STIs) identifiable information is not shared beyond the clinic unless there is specific patient consent. This approach is consistently backed by patients when asked why they choose to attend such services rather than their general practitioner (GP).1–4 Despite different interpretations as to the exact meaning it has also been backed by the STI regulations.5 We currently await clarity on the future of these regulations within the new health and social care act.

On the face of things the advent of electronic patient records does not change anything, indeed some claim that it makes sensitive health information more secure. However there are a number of consequences of using electronic records that deserve careful consideration particularly as sexual health and HIV services are reorganised.

1. On a stand-alone clinic level there are clear safety advantages of electronic records including the ability to order investigations electronically. However even if separate sexual health numbers are used if the NHS number is attached this could lead to sexual health results inadvertently being linked to the patients general record by the laboratory resulting in wider sharing than the patient wished.

2. Where sexual health services are merged with sexual and reproductive health (SRH) services or the delivery of such services across a county or counties is taken over by one organisation (NHS or private) then a much wider group of staff will be able to access the records. Role based access controls may limit the amount of clinical data some staff groups can access but even information that an individual has attended a clinic may be sensitive; knowing that a receptionist from a different service can see this may be a deterrent to accessing the service.

3. For care of HIV-positive individuals information should be recorded in the patient's general record and many services either do this already or are working towards this. However where should we record detailed sexual histories and the results of sexual health screening tests? There is some published data to suggest that patients are less concerned about this once their HIV status has been more widely shared.6 However it should not be assumed that all or most patients are happy for this information to be held in their general health record. After all where is the justice in not providing the same level of confidential sexual healthcare to HIV-positive individuals as we do for those who are HIV-negative or have unknown status?

It is vital that we engage patients in a meaningful way on these issues without engendering fear. Explicit consent should be sought to use a patient's NHS number; this is already being achieved in Scotland.7 There should be careful consideration of role based access controls within and across services. Finally we need to consider what options we can provide for recording sexual health information about HIV-positive individuals, for example sealing and locking this information within the general health record or providing all care in a separate sexual health information technology (IT) system but with key links into the general record to ensure HIV information is available.

Some healthcare professionals consider this concern to be excessive. We should be able to rely on current confidentiality procedures and policies in the NHS to protect patients’ sexual health information. However in reality there is often a lack of thought when applying the principles of confidentiality and an inflated sense of the need to know principle. Many IT systems in current use do not have the functionality to seal and lock information, and in practice role based access controls can only provide a small degree of control over who can see records across an organisation. These attitudes and limitations are evidenced by the number of incidents reported to the Information Commissioner and the number of trusts that have incurred financial penalties for data breaches. One could argue that it is now easier to identify the source of data breaches however this is no consolation for an individual whose information has been misused.

It is important that sexual health services modernise and that wider sharing of information is enabled where patients want this. However the separation of sexual health information began for good public health reason and patients continue to highlight confidentiality as high on their list of reasons for accessing these services over their GP. Electronic records have created the possibility of easy and wide access to information and it is incumbent upon us to protect our patients’ sexual health information and ensure that we don't inadvertently destroy patient confidence in our services.