The records of millions of NHS patients could be accessed by private firms under proposed plans from the government.

But the NHS has defended the move, saying it is "crucial" for improving healthcare that specific IT users outside of surgeries and hospitals can access patient care data.

The plans have attracted controversy after it emerged that private firms and individuals, such as research firms and academics, will be given access to the information. There are concerns that if patient information were accidentally or deliberately leaked, it could end up in the hands of companies such as insurance firms.

The postcodes, medical conditions and treatments of patients would be accessible to strictly limited external users, according to the plans. While names will not generally be included, there are concerns that those with access to the information could identify patients by matching postcodes with other information in the records and data they already know.

Sometimes patient numbers will be needed, the NHS said, for example to ascertain how often patients visit hospital for treatment of a particular condition.

In such cases, researchers will have to obtain patient consent, the NHS said. If the numbers are too large for this to be practical, they will need legal authority from the Patient Information Advisory Group, which advises the government on the use of patient information.

The NHS last week opened the matter to a public consultation, allowing patients to specify who should access their records and what information they should see. That consultation can be accessed here.

In a statement to CIO sister title Computerworld UK, the NHS said it “does not sell patient identifiable information to third parties and to do so without the patient's consent would be illegal. Any reference to the 'selling' of patient data is entirely inaccurate”.

It said it had always used patient data for planning purposes, before the advent of digital records, adding: “This data is crucial to run the NHS efficiently, to develop new treatments for serious illnesses, to help develop appropriate public health policies and to inform commissioning decisions.”

But privacy campaigners remain concerned. Helen Wilkinson, founder of pressure group the Big Opt-Out, which campaigns against digital care records, told the Sunday Telegraph she was "horrified" by the latest development. "We are talking about a hugely valuable commodity which will be worth a fortune to the pharmaceutical industry, and to all the companies which make their profits from the health service.”

Separately, the NHS last week made a major concession to privacy concerns over doctor access to care records. It said clinicians will now have to ask patients before they can access their records.

But the move has attracted controversy because it still means records are being automatically created, if patients do not actively respond within a set period of time to an information letter. This letter is due to be sent out over the coming several years, as records are created.

The British Medical Association, which represents doctors, said it would have preferred clinicians to discuss the records with patients before they are created, even though the concessions were “an improvement”.

Patient Concern, a pressure group, said in a statement on its website: “Even if you do opt out all your 'demographic' details, including name, address, date of birth, phone number (even if ex-directory) and email address will still be listed.

"This goes against all the rules of informed consent and patient confidentiality," the statement said. While the concessions marked a positive step, "it still means that data will be uploaded without consent".

Related articles:

Doctors' body welcomes NHS patient-record access changes