Feeds

Care Bears... share: NHS England promises to heal careless data-sharing plans

But outcome of audit will only partially be made public

Internet Security Threat Report 2014

NHS England is still reeling from accusations that the health service – among other things – allowed a consultancy outfit to pump sensitive patient data onto Google servers.

Critics have argued that the apparently carefree and careless approach to sharing hospital records with private companies simply highlighted that a cautious, transparent and trustworthy approach was needed with NHS England's now six-month delayed GP medical records plan, dubbed care.data.

The Health and Social Care Information Centre - the body responsible for keeping patients' data secure - said this morning that its execs had agreed to conduct an audit of all the data releases made by its predecessor NHS Information Centre.

When quizzed last week by MPs about the NHSIC, which - it was claimed - had been found to have sold hospital records to insurers, the government's health undersecretary of state Dan Poulter batted away questions by declaring that such allegations related to actions taken by the HSCIC's predecessor prior to new legislation being put in place to tighten controls.

He said at the time:

The Health and Social Care Information Centre has much stronger safeguards in place than the NHS Information Centre did, which was the predecessor body, because of the 2012 [Health and Social Care] Act.

In other words, it hadn't happened on the HSCIC's watch. Since then, the organisation has been battling a three-pronged privacy storm.

In an effort to be seen to be doing the right thing, the HSCIC said it was beefing up its board by bringing in three non-exec directors ahead of publishing a report early next month that will make public "all data released under" the 11-month-old body.

The Register sought clarification about exactly what information would be released in that report from the HSCIC.

We asked: Will the HSCIC be publishing details of all data released under the NHSIC? If not, why not? And what will the audit achieve, if it's not transparent with the public about those particular releases?

Initially, the organisation's spokeswoman told us:

The audit will look at all data released by the NHSIC and will be published.

A tricky statement, readers might agree, that was difficult to parse. We asked for a clearer response, to which the HSCIC's spokeswoman replied:

I cannot give more detail on the form that Sir Nick [Partridge]’s audit will take – this is for him to determine. However, if you see his comment on the press release and that of Kingsley [Manning], our chair, you will see that they are making commitments to transparency.

The press release itself states that the report will be published on 2 April and will detail, among other things, "the legal basis on which data was released and the purpose to which the data is being put."

The HSCIC said it intended to release such information on a quarterly basis to allow members of the public to probe its decisions.

The body is also in the process of reminding outfits and researchers who have access to its hospital data about their responsibilities, the HSCIC's right to audit them and the fact that their names will soon be mud made public, it said.

Manning, meanwhile, appeared to make it clear that data released by the NHSIC will only be looked at behind closed doors. He said:

We very much welcome recent announcements by the Secretary of State, including his intention to strengthen the legal basis of the HSCIC, which will increase patients' ability to object to the indirect use of their data and reinforce the requirement for their interests to be at the forefront when decisions to release data are made.

The HSCIC is absolutely committed to improving its own transparency and engagement with the public. In both reviewing the actions of the old NHS Information Centre and publishing our own decisions, we are encouraging public scrutiny. The clear benefits to patients of research and analysis of medical outcomes must drive our lawful release of data. This is why we were created by the Health and Social Care Act 2012.

The planned amendments (PDF) to the bill are tabled for a Parliamentary showdown next week. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Lawyers mobilise angry mob against Apple over alleged 2011 Macbook Pro crapness
We suffered 'random bouts of graphical distortion' - fanbois
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
Inside the EYE of the TORnado: From Navy spooks to Silk Road
It's hard enough to peel the onion, are you hard enough to eat the core?
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.