DH seeks tougher sanctions for security breaches

  • 29 February 2008

The government is seeking an increase in penalties for NHS staff that breach the Data Protection Act.

Health minister, Ben Bradshaw, made the pledge at a debate on the health select committee report on electronic patient records in Westminster last Thursday. This followed evidence read by chair of the committee, Kevin Barron, citing examples of NHS staff who had accessed records for no justifiable reason, and no action had been taken.

Bradshaw said that at present, keeping records of breaching data security was the responsibility of strategic health authorities, who were also responsible for taking action against those individuals.

He added: “The government strongly support the committee’s recommendations about having stiffer penalties for breaches of the Data Protection Act 1998. Access to patient records will be available only to authorised NHS health care professionals, who must be authenticated users and members of the health care teams directly involved in the relevant patient’s care.

“The department recently wrote to the head of the civil service, who is conducting a review of data processing and collection across government, repeating our support for an increase in penalties for breaching the act.”

He added that despite recent coverage of NHS data losses, the opt out rate in the Summary Care Record (SCR) early adopter sites was only 0.64%, as of 3 February. In total, across Bolton, Bury, Dorset, South Birmingham and Bradford and Airedale, 26 GP practices had gone live with the system and 153,000 patients’ clinical records had been created.

Plans to make the main SCR page more complicated have also been scrapped by the DH, he said: “We should keep the page simple and not make it more complicated – earlier, it was suggested that we would make it more complicated, but we will not do so.”

On the detailed care records for acute care, Bradshaw acknowledged delays and gave details of when new systems are now due to be rolled out.

“We accept that there have been delays, not only in the roll-out of summary care records, but in the whole NHS IT programme. It is important to put on record that those delays were not because of problems with supply, delivery of systems, but pretty much entirely because we took extra time to consult on and try to address record safety and patient confidentiality, and we were absolutely right to do so.”

Cerner Millennium will next be released in Barts and the London NHS Trust in a fortnight. The next Southern Programme of IT site to get the system will be Bath Royal United Hospital NHS Trust in May.

In the North, Midlands and East, Lorenzo release 1 is due to be released to its pilot sites – University Hospitals of Morecambe Bay NHS Trust, University Hospital Birmingham NHS Trust and Bradford Teaching Hospitals NHS Foundation Trust – in June.

Stressing the benefits of the national programme, he said: “The health service is moving from being an organisation with fragmented or incomplete information systems to a position where national systems are integrated, record keeping is digital, patients have unprecedented access to their personal health records and health professionals will have the right information at the right time about the right patient.”

However, he refused to back down on calls for sealed envelopes to be excluded from secondary user service data saying: “We have put in robust safeguards…consent is required, except for data that have been anonymised or data that are otherwise not identifiable as coming from any individual.”

He also insisted that central procurement should remain the way Connecting for Health works, and power should not be devolved: “Central procurement has enabled the needs of the NHS to be aggregated to get best value. Ovum, the IT industry analyst, carried out a detailed study in 2006, and it calculated that central procurement has saved £4.5 billion, compared with the cost if the same solutions had been procured locally.

“Local systems therefore need to be integrated if the aim of making patient information available at the point of need is to work. That is why we have to get the balance right between a national approach with a national architecture, and control at the local level.”

Dr John Pugh, Liberal Democrat MP for Southport, and a member of the Public Accounts Committee (PAC), said: “On the PAC’s three main criticisms – delays, cost benefit analysis, and the paucity of suppliers – the jury is still out, despite the excellent health committee report.”

Link

Hansard – Westminster Hall debate

 

Joe Fernandez

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
Wes Streeting: We can make Britain a powerhouse for MedTech

Wes Streeting: We can make Britain a powerhouse for MedTech

Health secretary Wes Streeting has pledged that the new government will “make Britain a powerhouse for life sciences and medical technology”.
Digital Health Coffee Time Briefing ☕

Digital Health Coffee Time Briefing ☕

Today's edition includes GOSH using AI to help identify Parkinson's Disease and a look at the challenges of evaluating digital health tech.