Lack of clarity concerning the level and scope of encryption to be used on the national health database raises concerns that yet more public data could be at risk.
In the House of Commons yesterday, Conservative MP Christopher Fraser warned that a catalogue of errors – including the loss of 300,000 prescription forms and multiple laptops containing patient details – meant that the security of the proposed NHS database had become a cause for national concern. Health Minister Ben Bradshaw responded by claiming that electronic data stored on the NHS database would be encrypted and all staff would be educated on best practice data security. Jamie Cowper, Director of European Marketing at enterprise data protection expert PGP Corporation, made the following comments: “While the Government has claimed that the NHS database will be secured using encryption, what isn’t yet clear is how this technology will be extended across other applications. With the potential for so many people to access and share sensitive, confidential information – whether via email, through an internal system or even on a CD – the Government needs to ensure that the strongest levels of security are in place across all applications. This means encrypting ALL data at source to ensure that no matter where it resides, it remains secure. Though the Health Minister was keen to point out that educating employees on data security is a must, the burden of securing data should not just fall on the shoulders of staff. Proper controls and policies need to be enforced to compliment encryption – ensuring an automated, transparent and complete security infrastructure that leaves little or no room for human error. With the HMRC data disaster still fresh in the public’s mind, the Government should view the NHS database as a golden opportunity to restore the nation’s faith in the public sector’s handling of private information.”
|
