December 26, 2007

NHS leader defends IT plan despite latest data breaches

Centralised database will help claims health service boss

By James Niccolai, IDG News Service

The head of the UK’s National Health Service has defended plans to build a centralised database of patient records following another round of embarrassing personal information losses by the government.

The Department of Health admitted last weekend that nine of its regional NHS trusts have reported losing patient data. One of the trusts, the City and Hackney Primary Care Trust, in east London, lost the medical records for about 160,000 children, though unlike other recent security lapses, the data was encrypted.

The losses emerged as part of a wider review following similar government blunders, and have revived questions about the security of building a centralised patient records database, part of the U.K.'s National Programme for IT (NPfIT). But David Nicholson, chief executive of the NHS, said the project was essential and should go ahead.

"It's vitally important that when a doctor is sitting in front of a patient they have all the information they need at their fingertips, and that's what's been driving us through all this," Nicholson told BBC Radio 4'sToday programme on Xmas eve.

The proposed system will not be a single large records database, but a series of interconnected regional databases, he said. And the security system will be more rigorous than that used with most Internet banking systems, Nicholson claimed.

Ross Anderson, a security expert at the University of Cambridge, questioned the comparison with banking systems and the reason why large amounts of data were being transferred around the system.

"One of the questions you have to ask here is not whether the data was encrypted or password protected, but why someone was able to have access to 160,000 children's records," he said. "In private industry ... if someone tried to make off with hundreds of thousands of records the alarms would sound."

Opposition leaders pounced on the latest problems as evidence that the government could not be trusted with its citizens' data. They called for further studies to show how the proposed patient records system would protect privacy.

The incident comes after the U.K.'s HM Revenue and Customs lost personal records for 25 million Britons, and the Driving Standards Agency lost records for more than 3 million learner drivers.

Newsletters

Our Daily & Weekly Newsletters highlight breaking news, vital issues, expert analysis and solutions to help you stay ahead of developments in the industry.