Health Service Focus


Tackling old and new threats to data security

Source: NHE Nov/Dec 16

Andrew Rose, senior policy officer at the Information Commissioner’s Office (ICO), discusses what actions NHS organisations can do to improve their data security compliance.

Cyber-attacks are a growing concern in the NHS, but the majority of data security breaches are still down to manual issues, according to the ICO. 

Recently the regulator released its data security incident and trends statistics for Q1 in 2016-17, which, once again, showed that the health sector continued to account for the most data security incidents. 

Andrew Rose, senior policy officer at the ICO, noted that this is due to the combination of the NHS making it mandatory to report incidents, the size of the health sector, and the sensitivity of the data processed. 

However, the latest data saw a 26% increase in the number of data security incidents in the health sector compared to the previous quarter (from 184 in Q4 2015-16 to 232 in Q1 2016-17). 

Asked what the main incidents were, Rose explained that the top three included data being posted or faxed to the wrong recipient; loss or theft of paperwork; and data being sent by email to the incorrect recipient. 

“A lot of these incidents could be avoided,” he said, adding that improving training is one of the big issues that have come out of a number of its enforcements. 

“I think that organisations need to make sure it [training] is happening and is relevant to the job role if they can,” explained Rose. “It doesn’t mean designing a course for every department, but it should be something that is a little bit more nuanced than e-learning once a year. It also shouldn’t be done once and forgotten.” 

Earlier this year, Dame Fiona Caldicott’s review recommended that the CQC should integrate measures for compliance with updated data security standards into their ‘Well-Led Inspections’ regime. This is a move that the regulator is taking forward.

Rose added that the CQC picking up on information governance in its inspection regime “should help enforce the fact that this stuff needs to happen. You need to record that the training is happening”. 

The ICO policy officer added that NHS organisations must also look at the policies and procedures they have in place. If you think about things being sent to the wrong recipient, Rose said, is that the fact that someone has not been trained or isn’t there a procedure in place for them to follow.Although the regulator produces a lot of advice and guidance, which helps NHS organisations understand what the issues are in terms of data and helps them with the questions to ask, Rose noted that it won’t help them with what solutions need to be put in place. 

“That is where CareCERT comes in, and they have the link with the National Cyber Security Centre,” he said. “That should be a key route to support. 

“I think that is where NHS organisations should get the expert advice from CareCERT, because they are set up and geared-up to provide that.” 

Despite there being an increased threat of cyber-attacks, especially Ransomware attacks against the NHS, which should not be neglected, Rose told NHE that as well as putting measures in place to mitigate these threats, the NHS must address the issue that the “majority of incidents still come down to manual errors”.

Tell us what you think – have your say below or email


There are no comments. Why not be the first?

Add your comment


national health executive tv

more videos >

latest healthcare news

Doctors call for ‘black alert’ to be introduced in general practice

26/06/2017Doctors call for ‘black alert’ to be introduced in general practice

Doctors have called on the government to introduce a “black alert” for GPs so that clinicians can alert authorities when surgeries ar... more >
Surgeons back proposals to improve regulation of cosmetic surgery

26/06/2017Surgeons back proposals to improve regulation of cosmetic surgery

Surgeons have this week backed a private members’ bill that has been tabled and seeks to improve the regulation of cosmetic surgery. I... more >
BMA: Government wants world-class NHS with a third-class settlement

26/06/2017BMA: Government wants world-class NHS with a third-class settlement

Public satisfaction rates with the NHS has plummeted, the BMA has today stated as a survey found that more people were dissatisfied with the heal... more >

editor's comment

13/06/2017Tackling the major challenges facing the NHS

As you will have gathered from the front cover, a theme that runs throughout this edition of NHE is about empowering and involving the workforce in order to deliver innovative change across the system.  Professor Jane Dacre, president of the Royal College of Physicians, highlights on page 16 the importance of sustainability and trans... read more >

last word

A clear strategy for change is needed for health and social care

A clear strategy for change is needed for health and social care

Nigel Edwards, CEO at the Nuffield Trust, argues that it would be a lost opportunity if the next government does not seek to put both health and social care funding on a more sustainable footing.... more > more last word articles >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Confed17 open its doors in Liverpool today

14/06/2017Confed17 open its doors in Liverpool today

Confed 17, the major annual NHS Confederation conference, has kicked off today in ACC Liverpool, inviting in more than 1,000 health and care leaders to discuss and review the long-term demand patterns needed in the sector. Highlights of the two-day conference will be a keynote address from NHS England’s chief executive Simon Stevens, as well as health secretary Jeremy Hunt’s first major public appearance since he was reappoi... more >
read more blog posts from 'the scalpel' >


A hub for healthy communities

23/06/2017A hub for healthy communities

Mark Robinson, New NHS Alliance pharmacy lead, discusses why pharmacy is at the heart of healthy living in communities – and explains how p... more >
Do something different

23/06/2017Do something different

Jill DeBene, chief executive of Institute of Healthcare Management (IHM), considers what workforce optimisation really means and the importance o... more >
The now and the future of infection prediction

23/06/2017The now and the future of infection prediction

Marco-Felipe King, an infection control postdoctoral researcher at the Institute for Public Health and Environmental Engineering at the Universit... more >
Prime for transformation?

20/06/2017Prime for transformation?

The sustainability and transformation partnerships (STPs) programme should harness and drive digital innovation as a positive force to help overc... more >
The meanings of value

20/06/2017The meanings of value

Professor Sir Muir Gray, director of Better Value Healthcare, considers the meaning of value in NHS commissioning for both the system and patient... more >


Working collectively to improve cancer outcomes for patients

20/06/2017Working collectively to improve cancer outcomes for patients

Last year, the cancer vanguard established the Pharma Challenge. Rob Duncombe, pharmacy director at the Christie NHS FT, gives NHE an update on t... more >
A great place to work

16/06/2017A great place to work

The Walton Centre NHS FT has been identified by NHS England as one of only 12 exemplar organisations in the NHS for its work in health and wellbe... more >
A fork in the road for the NHS

06/06/2017A fork in the road for the NHS

Niall Dickson, chief executive of NHS Confederation, talks to NHE’s Josh Mines ahead of Confed2017 about the organisation’s 10-p... more >
Tight timetable for nursing associate  regulation

28/03/2017Tight timetable for nursing associate regulation

Jackie Smith, chief executive at the Nursing and Midwifery Council (NMC), talks to NHE’s David Stevenson about the challenges her organisat... more >
Improving the flow

13/02/2017Improving the flow

Glen Burley, chief executive of South Warwickshire NHS FT, explains how his organisation has been able to improve patient flow through its emerge... more >