GPs a risk to patient data security, says NHS chief

GPs cannot be trusted to hold patient data securely, the chief executive of the NHS has warned.

In a letter to all NHS trust chief executives, David Nicholson also said the DoH was looking at making compliance with security standards a part of the national contract.

Former GPC IT spokesman Dr Paul Cundy said the letter showed 'a profound misunderstanding' of the risks to patient confidentiality. He added: 'GPs are the least leaky part of the NHS.'

Mr Nicholson wrote that the Information Commissioner had warned him that 'the dispersed nature of GPs and their independent status' posed a risk to data security.

'We are looking at the national contract and considering how best to secure compliance with standards through contractual means in the future,' he wrote.

He also called for all practices to use secure systems such as NHSmail and GP2GP, and for PCTs to draw attention to the availability of free encryption software.

Ewan Davis, health informatics expert at the British Computer Society, said that it was 'no bad thing' to remind GPs of the need to encrypt portable information storage devices such as data sticks.

But he said claims that the dispersed nature of GP data made it less secure made 'no sense at all'.

'It means the risk is dispersed,' he said. 'You don't get the same level of risk in practices as in national databases because the number of records they hold is significantly smaller.

'GPs are more aware of security issues than any other part of the NHS,' he added. 'But the DoH gets edgy about things it can't control.'

Dr Cundy said Mr Nicholson was targeting the most secure part of the NHS, and pointed out that GPs represent 90 per cent of NHS business but only account for 10 per cent of data losses.

'But they want all GP records to move onto a single large database, even though this is an argument against doing it,' he said.

Comment below and tell us what you think

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins


Already registered?

Sign in