A new study has concluded that a tenth of all NHS trusts are not adequately protecting data or securing their systems, thus highlighting them as inappropriate for connection to key IT systems offered by the health service.
The 10 per cent of trusts that received an amber rating in relation to their data security measures will not be able to gain access to the N3 network or the Spine, the latter of which is set to become a national store of patient data aimed at aiding diagnosis and treatment no matter where a citizen seeks medical assistance.
Hytec, a firm that both aids and analyses local authorities and the NHS in the context of data systems and networking, has compiled the report and rated each of the NHS trusts according to the Information Governance Statement of Compliance (IG SoC) tests. A score of 40 to 69 per cent in the IG SoC will result in an amber rating, which is not deemed to be safe enough to allow amber rated trusts access to certain NHS systems.
Any business or organisation that wishes to take advantage of the IT services provided by the NHS must undergo testing in order to prove its compliance with the requirements of IG SoC. With 10 per cent of trusts failing to meet these, it seems that there are some serious internal issues that need to be addressed.
Over the past three years more than 300 data breaches, losses and thefts have been reported to the Information Commissioner’s Office (ICO) by the NHS. This figure accounts for over 30 per cent of the reports dealt with by the ICO and, as such, the NHS is frequently criticised for its repeated failings in this area.
Hytec’s Alan Hunt said it was clear that the NHS could not hope to guarantee patients that their data would remain protected and uncompromised whilst in its care if as many as one in 10 of its trusts could not meet the basic security level outlined in the IG SoC.