Tag Archives: NHS

The Medical Cloud

A new Cloud base platform has just been launched by the NHS in order to allow secure access to medical records.

The idea is to speed up communication between patients, consultants and general practitioners through accessing files through the internet.

Patients will have the ability to view their data via a number of devices and control exactly who has access to their records. Furthermore they can request to have their details referred to medical specialists.

Flexiant claims that the project “could be used to integrate all phases of health-care treatment, from assisted living to primary and secondary healthcare, so that the same data can be used throughout.”

“For the first time patients can have control over their treatment and their records and that is enormously empowering” stated Tony Lucus, founder of Flexiant.

Flexiant are the engine behind the project and have teamed up with Napier University (Edinburgh) to develop the project over the last two years. The aim is to make the current paper system a thing of the past.

“This has massive implications for the future of patient treatment in the UK,” according to Lucus.

Initial trials have been held by Chelsea and Westminster Hospital and the only real sticking point is that of security.  This has become especially pronounced after the recent attacks on the likes of the World Bank and Sega.

The Cloud Industry Forum warned that “It is important for NHS patients data to be secure in the Cloud, should this e-health system become official.”

The rebuttal by Cloud advocates is that patient records are often left hanging around by hospital beds providing the potential for a much larger security threat.

BMA questions restructuring of NHS data access and availability

Following the news that the UK government is planning to instigate significant reforms to the way in which the NHS makes data available to patients and practitioners, the British Medical Association (BMA) has spoken out over its concerns that the current IT infrastructure will be unable to keep pace with the required changes.

A period of consultation by the government led to the germination of the movement that is set to see English patients being given open access to channels which will facilitate individual control over medical records. This is set to go as far as allowing members of the public access to private data which they can then share with others as they see fit.

The BMA released a statement in which it said that it recognises the need for better implementation of the vast amounts of data controlled by the NHS. It expressed reservations about whether the current IT systems will be able to support the liberalisation of patient data and said that with government cuts there might not be enough cash available to make the necessary improvements.

The statement from the BMA claims that organisations within the NHS could not hope to match the ambitions of the government, even in light of the large monetary injections made by the former administration.

It appreciates that cuts have to fall somewhere but argues savings in IT will create a discrepancy between what is required of the NHS and what it is able to deliver.

BMA spokesperson, Chaand Nagpaul, who is also a GP, said that the NHS has a mountain to climb and that it would have to rely on the current infrastructure if it was to enable members of the public to access data in the proposed manner, as the age of austerity limits the chances of spending being put towards improvements.

The security of allowing such freedom of movement for patient data is also a concern of the BMA and it would seek to see greater measures installed, to ensure that misappropriation, loss and theft of private details are unlikely to occur.

Data harvesting concerns voiced over NHS Choices website

Fears that the NHS Choices website is allowing data about visitors to be gathered by social networking sites and third party firms, have been voiced to the Information Commissioner’s Office (ICO), which has begun investigating the claims.

Analysis of the privacy policy which governs visitors to the site shows that anyone who lands on a page that has a Facebook element embedded, will have data relating to their visit and actions harvested.

In particular the specific time and date, along with the page visited, browser used and operating system installed on the visitors PC, will be taken by Facebook. IP address information will also be gathered, according to reports, with those who are simultaneously logged into the social networking site having their profiles directly linked to this data.

A statement from the Department of Health explained that the data was being harvested in order to improve the way that the NHS Choices site operates, based on how users are accessing its pages and services.

The ICO spoke to V3.co.uk and said that health-related details were essentially the definition of personal, private data. It explained that it had requested for the NHS to provide details as to whether third party organisations would be privy to the specific health data accessed by each user.

Privacy expert, Mischa Tuffield, said that although the NHS Choices privacy policy pointed out that certain pages with obvious Facebook elements would harvest data about users, in her experience, this was not entirely accurate since other pages which should not be included under this definition had still been shown to send data back to the social networking site.

Tuffield said that although the NHS was within its rights to improve services both online and off by gathering user data, it should also give consideration to the privacy of its customers.

The Department of Health has dismissed claims that it has breached the terms of the Data Protection Act with the data harvesting activities of the NHS Choices website.

It said that such eventualities are brought about because of the way in which Facebook operates, not the site itself, with advice for future users being that they should sign out of Facebook before visiting, to avoid being monitored.

NHS to hand control of private data over to patients

In a radical new initiative, the government could completely alter the way in which data relating to NHS patients is controlled, giving individual citizens the right to monitor and limit access to their own information, rather than leaving it in the direct care of the health service.

This news has been made public as part of a white paper published with the aim of creating a revolutionary new way of dealing with information, in an organisation which has been constantly fraught with data loss scandals and security breaches over the past few years.

The coalition government’s health minister, Andrew Lansley, has said that he wants to give patients greater control, not only over their private data, but also over how decisions are made about their treatment.

The plan involves allowing patients to have complete responsibility for records and then hand over relevant details via a central database whenever they were required, allowing them to use their discretion in divulging information.

The government hopes that by enabling patients to participate directly in the type of care they receive, they will be able to restore trust in the NHS and make the experience of receiving treatment more involving.

BSC Health head Matthew Swindells, said that while this would involve changes to the IT infrastructure of the NHS, it would have a wider impact than a simple restructuring of networks, creating a completely different information landscape.

Mr Swindells believes that by opening up the record to patients, it will be easier for people to find issues with the data and consequently make the necessary changes, resulting in a better service from the NHS.

Among the new powers for patients under the plans, will be the ability to select doctors and even procedures, once provided with the proper guidance from experts. The moves have been prompted after the publication of a consultancy, which involved over 5400 patients contributing different ideas and thoughts on their experience from within the NHS as it currently stands.

Fines issued over NHS data loss

Fines are being issued by the Information Commissioner’s Office (ICO), after it found the NHS-regulated Healthcare Locums agency to have been in breach of the rules of the Data Protection Act (DPA), with regards to data loss prevention and information security.

The agency in question was responsible for large amounts of data relating to doctors working for the NHS and the ICO implemented fines after a data loss incident exposed details on certain medical practitioners.

The ICO was alerted to malpractice within the agency when an online auction site was used to sell a hard drive, which was packed with data relating to doctors’ visas and security information.

Although Healthcare Locums reported the incident and notified the ICO, it could not explain to the regulator how such a serious breach of data handling practices was possible. Further investigations revealed that the storage device had been either lost or stolen during transit from Skipton to Loughton.

The ICO identified that the agency had failed to record the reason for the transfer or the specific data that was held on the hard drive, which subsequently went missing. The only reason that it was able to detect that the data loss had occurred at all, was because a private citizen alerted them to the sale.

The ICO’s Sally Anne-Poole, said that this latest data loss from within an organisation linked with the NHS, identified the significance of compliance with the rules of the DPA, in relation to the proper transportation of private details.

She went on to explain that the recruitment agency had since made sure that its policies on data handling and transport were improved, so that further breaches of the DPA would not occur.

Healcare Locums’ Mo Dedat, committed to ensuring that future incidents of data loss are not possible within the firm. This includes not only losses resulting from actions of direct employees of the agency, but also any third party firms which it uses in the process of managing, storing and transporting data.

NHS admits further data loss via unencrypted USB storage device

A new data loss scandal originating from within one of the organisations governed by the NHS has come to light, once more involving the misplacement and subsequent discovery of a portable USB memory stick which was entirely exposed due to a lack of encryption.

Members of the Forth Valley NHS board are being investigated by the Information Commissioner’s Office (ICO), after the media was made aware of the loss. It emerged that an employee had transferred data from NHS systems over to the device, which were personal items, before parting ways with them due to loss or theft.

The board’s chief executive Fiona Mackenzie has committed to a formal undertaking authored by the ICO, that will ensure the future eradication of any unofficial data storage devices from use within the organisation, with staff only being allowed to transfer data on sanctioned, centrally controlled devices.

The board will not be taking a passive stance, but will rather increase security and block any personal memory devices from gaining access to systems.

The ICO’s Scottish representative, Ken Macdonald, reiterated previous statements made by colleagues by saying that, hopefully, this incident will make it clear to other organisations within the NHS that inadequate appreciation of data loss prevention policy amongst staff members, would lead to the leaking of confidential patient information – unless measures are taken.

Mr Macdonald said that he hoped the increasing emphasis on staff responsibility for the use of portable storage would not subsequently allow the heads of such organisations to deny their own part in protecting data when future incidents inevitably arise.

Security expert, Ander Pettersson, said that the portability and convenience of used USB storage devices was difficult to ignore and many businesses rely on mobile technology to increase productivity and flexibility. He recognises the potential for loss or theft posed by these devices and suggests that the NHS will need to invest in a secure USB system, that will retain the integrity of private data.

Mr Pettersson said that while organisations like the NHS have a responsibility for protecting the data of customers, the ICO would also have to use its own powers to police such organisations and impose penalties to prevent future debacles.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal