NHS National Programme for IT - Major Security Concerns
This week the "UK NHS Database" has been hitting the news. General Practitioners (GPs, family doctors) are stating in statistically significant droves that there is something very poor about security on it. Some sources speak of hackers, others of staff with nefarious intent. Others speak of the ease of ID theft.
These are just some of the headlines:
There's no smoke without fire. We know of one complaint already to the United Kingdom Information Commissioner asking him to take a serious look at the system using his powers "in the Public Interest". And we also note the comment by Jonathan Bamford, Assistant Commissioner:
"Just because technology means that things can be done with personal information, it does not always follow that they should be done. Public trust and confidence will be lost if there is excessive unwarranted intrusion into family life."
Other reports have shown us that it is common NHS practice to share logins and passwords, though that is strictly against policies and procedures. The "Oh use mine" approach does not work when it comes to protecting sensitive data.
So how secure will this be? Will Margaret and Michael swap logins and passwords? Will Peter be blackmailed into leaking information? Will the NHS Database become a popular place for criminal gangs to infiltrate as they do in financial call centres?
There is an update from Computer Weekly:
The House of Commons' Health Committee has agreed to hold an inquiry into key facets of the £12.4bn NHS National Programme for IT (NPfIT) after some MPs expressed concerns that the scheme may be foundering.
The decision reverses a resolution taken by the parliamentary committee only weeks ago not to hold an inquiry, and vindicates a campaign led by leading academics, Computer Weekly and MPs.
The inquiry, the terms of reference for which will be announced shortly, is expected to involve the committee's members questioning ministers and officials at a series of hearings.
MPs on the committee can take in evidence from trust executives who are concerned about the lack of progress in the delivery of core patient systems for hospitals, and from GPs about whether centralised electronic health records will be secure.
The committee in October rejected an inquiry partly because some members believed the programme was too complicated to be investigated by non-expert MPs.
[dated 28 November 2006]
Why not tell us what you think will happen?