Feeds

Care Bears... share: NHS England promises to heal careless data-sharing plans

But outcome of audit will only partially be made public

Gartner critical capabilities for enterprise endpoint backup

NHS England is still reeling from accusations that the health service – among other things – allowed a consultancy outfit to pump sensitive patient data onto Google servers.

Critics have argued that the apparently carefree and careless approach to sharing hospital records with private companies simply highlighted that a cautious, transparent and trustworthy approach was needed with NHS England's now six-month delayed GP medical records plan, dubbed care.data.

The Health and Social Care Information Centre - the body responsible for keeping patients' data secure - said this morning that its execs had agreed to conduct an audit of all the data releases made by its predecessor NHS Information Centre.

When quizzed last week by MPs about the NHSIC, which - it was claimed - had been found to have sold hospital records to insurers, the government's health undersecretary of state Dan Poulter batted away questions by declaring that such allegations related to actions taken by the HSCIC's predecessor prior to new legislation being put in place to tighten controls.

He said at the time:

The Health and Social Care Information Centre has much stronger safeguards in place than the NHS Information Centre did, which was the predecessor body, because of the 2012 [Health and Social Care] Act.

In other words, it hadn't happened on the HSCIC's watch. Since then, the organisation has been battling a three-pronged privacy storm.

In an effort to be seen to be doing the right thing, the HSCIC said it was beefing up its board by bringing in three non-exec directors ahead of publishing a report early next month that will make public "all data released under" the 11-month-old body.

The Register sought clarification about exactly what information would be released in that report from the HSCIC.

We asked: Will the HSCIC be publishing details of all data released under the NHSIC? If not, why not? And what will the audit achieve, if it's not transparent with the public about those particular releases?

Initially, the organisation's spokeswoman told us:

The audit will look at all data released by the NHSIC and will be published.

A tricky statement, readers might agree, that was difficult to parse. We asked for a clearer response, to which the HSCIC's spokeswoman replied:

I cannot give more detail on the form that Sir Nick [Partridge]’s audit will take – this is for him to determine. However, if you see his comment on the press release and that of Kingsley [Manning], our chair, you will see that they are making commitments to transparency.

The press release itself states that the report will be published on 2 April and will detail, among other things, "the legal basis on which data was released and the purpose to which the data is being put."

The HSCIC said it intended to release such information on a quarterly basis to allow members of the public to probe its decisions.

The body is also in the process of reminding outfits and researchers who have access to its hospital data about their responsibilities, the HSCIC's right to audit them and the fact that their names will soon be mud made public, it said.

Manning, meanwhile, appeared to make it clear that data released by the NHSIC will only be looked at behind closed doors. He said:

We very much welcome recent announcements by the Secretary of State, including his intention to strengthen the legal basis of the HSCIC, which will increase patients' ability to object to the indirect use of their data and reinforce the requirement for their interests to be at the forefront when decisions to release data are made.

The HSCIC is absolutely committed to improving its own transparency and engagement with the public. In both reviewing the actions of the old NHS Information Centre and publishing our own decisions, we are encouraging public scrutiny. The clear benefits to patients of research and analysis of medical outcomes must drive our lawful release of data. This is why we were created by the Health and Social Care Act 2012.

The planned amendments (PDF) to the bill are tabled for a Parliamentary showdown next week. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
Apple tried to get a ban on Galaxy, judge said: NO, NO, NO
Judge Koh refuses Samsung ban for the third time
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.