The NHS has come under further scrutiny after a number of studies and official announcements revealed it as the UK’s largest contributor to the list of data loss incidents reported to the Information Commissioner’s Office (ICO). However, security experts believe that it is ready to improve and evolve to prevent further embarrassment.
Security specialist David Ting has said that the NHS is in a good position to revive its reputation and gain public trust and claimed that legislation in the UK would make this process less complex than it might be in other developed nations. However, he identified the fact that significant risks still face the NHS and further loss of patient data will be inevitable unless changes are made.
The NHS is allegedly investing significantly in analysing the way in which it protects private data, as well as working on a number of initiatives which will see levels of security increase considerably in the coming years.
Mr Ting identifies three different categories of users against which a multi-tiered security system must be implemented. Firstly, there are those users who accidentally compromise the integrity of patient data; then those who view secure data to which they technically have access without really possessing adequate clearance; and finally any malicious parties who actively steal data.
Mr Ting believes that preventing data loss whilst tackling the effects of all three user types requires that security is implemented in a transparent manner which addresses any weaknesses without creating an overcomplicated system that only experts can use.
NHS staff need to be fully trained in the reasons behind data protection, as well as being presented with the potential ramifications of a security breach or loss in order to provide them with the motivation to handle data responsibly, according to Mr Ting.
The secure movement of data is of the utmost importance to the NHS, as several serious data loss incidents have occurred as the result of poorly handled portable storage devices. Experts believe that in the longer term the NHS will have to address the matter as to how control over data is managed in the context of staff. Mr Ting believes that fundamental changes to the system will be required before rather more elaborate and fine-grained control can be considered.
