Feeds

Care Bears... share: NHS England promises to heal careless data-sharing plans

But outcome of audit will only partially be made public

Reducing security risks from open source software

NHS England is still reeling from accusations that the health service – among other things – allowed a consultancy outfit to pump sensitive patient data onto Google servers.

Critics have argued that the apparently carefree and careless approach to sharing hospital records with private companies simply highlighted that a cautious, transparent and trustworthy approach was needed with NHS England's now six-month delayed GP medical records plan, dubbed care.data.

The Health and Social Care Information Centre - the body responsible for keeping patients' data secure - said this morning that its execs had agreed to conduct an audit of all the data releases made by its predecessor NHS Information Centre.

When quizzed last week by MPs about the NHSIC, which - it was claimed - had been found to have sold hospital records to insurers, the government's health undersecretary of state Dan Poulter batted away questions by declaring that such allegations related to actions taken by the HSCIC's predecessor prior to new legislation being put in place to tighten controls.

He said at the time:

The Health and Social Care Information Centre has much stronger safeguards in place than the NHS Information Centre did, which was the predecessor body, because of the 2012 [Health and Social Care] Act.

In other words, it hadn't happened on the HSCIC's watch. Since then, the organisation has been battling a three-pronged privacy storm.

In an effort to be seen to be doing the right thing, the HSCIC said it was beefing up its board by bringing in three non-exec directors ahead of publishing a report early next month that will make public "all data released under" the 11-month-old body.

The Register sought clarification about exactly what information would be released in that report from the HSCIC.

We asked: Will the HSCIC be publishing details of all data released under the NHSIC? If not, why not? And what will the audit achieve, if it's not transparent with the public about those particular releases?

Initially, the organisation's spokeswoman told us:

The audit will look at all data released by the NHSIC and will be published.

A tricky statement, readers might agree, that was difficult to parse. We asked for a clearer response, to which the HSCIC's spokeswoman replied:

I cannot give more detail on the form that Sir Nick [Partridge]’s audit will take – this is for him to determine. However, if you see his comment on the press release and that of Kingsley [Manning], our chair, you will see that they are making commitments to transparency.

The press release itself states that the report will be published on 2 April and will detail, among other things, "the legal basis on which data was released and the purpose to which the data is being put."

The HSCIC said it intended to release such information on a quarterly basis to allow members of the public to probe its decisions.

The body is also in the process of reminding outfits and researchers who have access to its hospital data about their responsibilities, the HSCIC's right to audit them and the fact that their names will soon be mud made public, it said.

Manning, meanwhile, appeared to make it clear that data released by the NHSIC will only be looked at behind closed doors. He said:

We very much welcome recent announcements by the Secretary of State, including his intention to strengthen the legal basis of the HSCIC, which will increase patients' ability to object to the indirect use of their data and reinforce the requirement for their interests to be at the forefront when decisions to release data are made.

The HSCIC is absolutely committed to improving its own transparency and engagement with the public. In both reviewing the actions of the old NHS Information Centre and publishing our own decisions, we are encouraging public scrutiny. The clear benefits to patients of research and analysis of medical outcomes must drive our lawful release of data. This is why we were created by the Health and Social Care Act 2012.

The planned amendments (PDF) to the bill are tabled for a Parliamentary showdown next week. ®

Maximizing your infrastructure through virtualization

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.