In e-novation's comment section (2 August), important matters about patient records and some of the ethical issues that surround them are raised.

European and national legislation emphasise the importance of quality, safety and security.

These must be developed in parallel with basic information standards, such as healthcare communication or electronic record systems. Without considering these regularity aspects, the technical possibilities for efficiency improvements using IT cannot be fully exploited.

In healthcare information systems, the reason for the major concern with confidentiality should be protecting individuals' privacy.

Patients must trust healthcare establishments to care for the sensitive information they give them. Systems should be understood to include the surrounding procedures and working practices.

The NHS plan and the modernisation agenda propose that clinical and, indeed, social care data should flow freely between all those concerned with an individual's care.

Regulatory bodies, such as the Commission for Health Improvement and the National Institute for Clinical Excellence, must access a wide range of clinical data if they are to perform their function; patients can access clinical advice from NHS Direct online. So data security, data integrity and patient confidentiality become of clinical importance.

The issues are complex and there are many stakeholders.

Security and confidentiality are vital elements of the NHS plan.

The problems that surround them often appear intractable, and yet have the capacity to generate intense - if not well informed - discussion. But they must be addressed.

In exploiting the potential of electronic patient/health records, individual users' privacy has not been built into the architecture and operation. Patients will not fully reap the benefits of improved health and greater access to care and health information until privacy is treated as an essential element in the design and operation of the enterprise.

These steps can - and should - be encouraged now.

They are no longer of theoretical or academic interest, but of practical relevance.

If these information issues are not solved, Information for Health and - indeed the NHS plan itself - will be jeopardised.

We must have this debate with all the stakeholders and recognise patients' rights in these valuable developments.

Dr Graham Fullarton Data protection manager Bolton Hospitals trust