
CURRENT SECTION :: News	UK's most visited IT Contractor Site - 250k unique visitors March 2008

Members
Subscribe to our news letter service to keep current with the latest news and information. Click here to join.

Site Navigation
Home News Contractor Alliance Free Stuff Company Formation Bulletin Board First Timers Trading Structures Legal : IR35 / IR591 Legal : S660 Tax/Legal Q&A Jobs Contract Search Urgent Contracts Overseas Guides Market Stats Money Insurance Training Directory Agency Directory TechZone Contact Us

Search
Advanced Search

News for you
RSS XML feed News feed for your site News feed information

News article sponsored by...

Maximising Contractors' Returns

Safe, effective solutions for contractors

Call now on 08702 880055

NHS IT system 'maximises' security risk

The current architecture of a showpiece NHS IT system “maximises” the risk of patients’ confidential details being leaked, stolen or breached.

Rather than minimising the security risk, the Spine provides “both a bigger target and a larger number points of attack” than if the NHS used a group of smaller systems.

Plans for the future of the Summary Care Records, a single database of patient data accessible by all NHS staff nationwide, will also make the system “more difficult to use.”

Delivering these damning verdicts on the system, due to store the data of 50m patients, the Commons Health Select Committee called for all staff with access to be security trained.

Security applications for healthcare systems provided by IT contractors, such as BT, should be independently evaluated, with the results to be made public.

The committee said such measures would install confidence in the Ł12bn computerisation of the NHS, and reduce the risk of security breaches, which are “problematic” and “challenging”.

It also poured scorn over delays to the SCR, which in some parts is two years behind schedule, saying rollout across the UK is being prolonged by confusion over its content.

Health officials gave different answers on different occasions to questions about which types of patient information will be included in the SCR and what it will be used for.

“The committee was told at various times that the SCR will be used for the delivery of unscheduled care, for the care of patients with long-term conditions, and to exchange information between primary and secondary care.

“It is little wonder that patient groups expressed confusion about the purpose and content of the SCR,” the committee wrote in its report into the e-health record.

The report warns of “serious concerns” over the lack of information both about how security systems will work and about the outcomes of security testing.

This is despite a series of checks, audits and smartcards put in place to secure the SCR, which, overall, will bring benefits to patients, the committee said.

“Many of these measures are new and untested on the scale that they will be used in the NHS,” it said in its report, published yesterday. “As a result, their impact and vulnerabilities are difficult to predict.”

To bolster the security of the Spine and the DCR, the local e-record of a patient’s full medical history, the committee says custodial sentences should be drawn up to deter would-be data snoopers.

Reflecting on the DCR, the cross-party group of MPs said while local control over DCR is a desirable goal; it is “surprising that the architects of the DCR were not able to provide a clearer vision of what is planned.”

The committee said: “There is an explanatory vacuum surrounding DCR systems and this must be addressed if duplication of effort at a local level is to be avoided.”

The successful delivery of DCR systems, they said, depends upon the ability of Connecting for Health to harness the benefits from local as well as national input, “something which it has not achieved so far.”

Among recommendations for the DCR, the committee said an independent technical standards body should be set up to set requirements for interoperability, which all NHS IT suppliers should conform to.

Technical standards should cover system security and reliability but the focus should be on ensuring systems supplied by contractors are fully-interoperable, to help the NHS in its goal of seamless data exchange between systems.

The committee also recommended that British health executives should follow their counterparts in France, where patients will own their own national summary record.

Such an approach is widely accepted as giving patients more control over who can access their record and more opportunity to influence and take control of their own medical care.

Sep 14, 2007

Email this article
Printer friendly page
Previous Page


All content © Contractor UK Limited	http://www.contractoruk.com/lists/?p=subscribe&id=1[Register for News Letter] \| [Privacy Statement] \| [Terms of Use] \| [Top of Page]