The head of the U.K. National Health Service has defended plans to build a centralized database of patient records following another embarrassing loss of personal information by the government.
The U.K. Department of Health admitted this weekend that nine of its regional NHS trusts have reported losing patient data. One of the trusts, the City and Hackney Primary Care Trust, in east London, lost the medical records for about 160,000 children, according to newspaper reports. The total number of records has not been disclosed.
The losses emerged as part of a wider review following similar government blunders, and have revived questions about the security of building a centralized patient records database, part of the U.K.'s National Programme for IT (NPfIT). But David Nicholson, chief executive of the NHS, said the project is essential and should go ahead.
"It's vitally important that when a doctor is sitting in front of a patient they have all the information they need at their fingertips, and that's what's been driving us through all this," Nicholson told BBC Radio 4's Today program on Monday.
The proposed system will not be a single large records database, but a series of interconnected regional databases, he said. And the security system will be more rigorous than that used with most Internet banking systems, according to Nicholson.
"You'd need a user name, a password and a smart card [to access patient records] and you would have role-controlled access," he said. "So a nurse on a ward with a smart card and a password could only access a relatively small number of patient records."
The information that was reported lost over the weekend was encrypted and so not vulnerable to misuse, Nicholson said.
But Ross Anderson, a security expert at the University of Cambridge, told Radio 4 that whether the data is encrypted is not the main issue.
"One of the questions you have to ask here is not whether the data was encrypted or password protected, but why someone was able to have access to 160,000 children's records," he said. "In private industry ... if someone tried to make off with hundreds of thousands of records the alarms would sound."
Opposition leaders pounced on the latest misstep as evidence that the Labour government can't be trusted with its citizens' data. They called for further studies to show how the proposed patient records system would protect privacy.
The incident comes after the U.K.'s HM Revenue and Customs lost personal records for 25 million Britons, and the Driving Standards Agency lost records for more than 3 million learner drivers.
"The power of technology means it can be very easy to use the information, but also very easy to lose the information," the Information Commissioner Richard Thomas said on the Today program. "The events of the last few weeks have woken up everybody to the importance of taking these matters seriously."
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment