So what you're saying is that NHS employees in the hospital where you're working have very little concept of how to properly look after sensitive data for the few thousand people they have files for. Their awareness of security and best practice is appalling and they don't give a rat's ass about confidentiality. Fair enough. I accept that. And you're saying you want to trust these same people, to have access to all 61 million UK medical records? To be able to print bits off, to be able to do a quick search for their friends/family/neighbours/etc? You're saying you trust these people to always log out of their computer when it's unattended? To use secure passwords and not put the password on a post-it note on the side of the monitor? To be immune to bribery and coercion? No. If it's all the same to you, I'll stick with a system where their screwups only risk a few files rather than ALL of them. I do shop online. Firstly, smaller systems, so security is much more realistic. Secondly, I have card protection so if my security is compromised, I don't lose out so long as I notice and have kept up my end of the deal (eg not taking stupid risks). Thirdly, I would much rather a criminal had my credit card details than my medical records. I can change my credit card.