13.07.17
DH pledges £50m to safeguarding NHS digital security
The government has this week pledged to boost investment in data and cyber security for the NHS by over £50m, including a £21m capital fund specifically for major trauma centres.
Following the publication of the National Data Guardian for Health and Care’s Review of Data Security, Consent and Opt-Outs and the CQC’s Review ‘Safe Data, Safe Care’, the government has responded to both by promising to improve the health service’s data protection record.
It also comes after May’s NHS cyber-attack, which left many trusts in ‘shut-down’ as hackers managed to take over computer systems across England.
In the plans, called ‘Better Security, Better Choice, Better Care’, the DH also said that it intended to give patients and the public greater access to and control over their personal data.
Ambitions to build confidence in the importance of securing data to provide better individual care and treatment were also announced in the strategy, as well as a drive to support research and planning across the health system.
The department added that work was already underway to determine the fastest and most cost-effective way to support the NHS to move from unsupported operating systems, including Windows XP. Last week, a report commissioned by Google DeepMind Health described how far behind the times the NHS was, saying that the health service was still the world’s biggest purchaser of the outdated fax machine.
The NHS contract has also been changed so that organisations are now formally required to adopt data security standards as recommended by the National Data Guardian. These measures include greater security training for staff, annual reviews of processes and extensive contingency plans to respond to threats to data security.
“The NHS has a long history of safeguarding confidential data, but with the growing threat of cyber-attacks including the WannaCry ransomware attack in May, this government has acted to protect information across the NHS,” said health minister Lord O’Shaughnessy.
“Only by leading cultural change and backing organisations to drive up security standards across the health and social care system can we build the resilience the NHS needs in the face of a global threat.”
Trusts need funding and support to improve resilience
The plans were welcomed by many across the NHS, including the head of analysis at NHS Providers, Phillippa Hentsch.
“While the NHS coped well with what was an international cyber-attack affecting more than 80 countries, trusts do need more funding and support to improve their resilience.
“That is why we are pleased there will be extra money for data and cyber security. In particular, the support for cyber resilience of major trauma sites is sensible.”
Hentsch added that it made sense to start the process of moving the NHS away from unsupported operating systems, bearing in mind the particular complexities involved in upgrading software for some equipment.
“The health service is increasingly relying on digital innovations to help deal with growing patient demand. This presents important and exciting opportunities to improve care for patients, and to work more efficiently,” she continued. “Trusts will need clear direction and guidance on how new digital technologies are to be rigorously assessed while maintaining data confidentiality.”
Professor Jane Dacre, president of the Royal College of Physicians, said: “Patients need to know that the information they share with health professionals about their care will be protected and used to support their treatment, and the actions the government are taking will support stronger security standards and data protection.
“We also support the increased opportunities patients will have in future to know more about the way that their shared data has been used with their consent.”
Doctors raise concerns about changes undermining patient trust
However, parts of the strategy raised eyebrows for some doctors. The BMA in particular said it had serious concerns about the removal of patients’ right to opt out of having their details sent from their GP surgery to NHS Digital without putting in place the necessary protections and guarantees first.
“The current arrangement between NHS Digital and the Home Office, in which the Home Office can request confidential patient information for immigration purposes, is undermining patient trust in how their confidential information is used,” said Dr John Chisholm, BMA medical ethics committee chair.
“This arrangement between the Home Office and NHS Digital adopts a lower ‘public interest’ threshold for sharing confidential data than is expected by the General Medical Council.”
Dr Chisholm added that patients deserved to know how and under what circumstances their personal data may be used.
“The BMA believes there needs to be a higher threshold for releasing information from NHS Digital to the Home Office, and independent oversight of disclosures before the removal of the opt-out,” he argued. “If patients don’t have confidence in the system, not only does it damage the doctor-patient relationship, there is also a real risk that some will be put off visiting their GP, which could have serious public health implications.”