The loss of discs containing the personal details of millions of people by HM Revenue and Customs is a case in point. It was deemed to be easier and cheaper to send all this sensitive data rather than extract only the data that was actually needed - both stupid and lazy, perhaps.
However, the implications of this incident reach well beyond this one government department. GPs are involved in one of the largest attempts to gather sensitive personal information into a single database - the e-records spine.
When questioned about the security of the care records and the spine, Connecting for Health are always quick to offer reassurance that users of the system will have training in confidentiality and data security. But then it is probably safe to assume that the Revenue and Customs staff had similar training.
Connecting for Health must allow for the human factor in all its data security procedures, whether that be a malicious breach or just the result of someone leaving a PC logged on or a smartcard lying about.
GPs were warned last week that they could face a £5,000 fine from the Information Commissioner for the loss of a laptop containing any confidential patient data. But a similar punishment cannot be applied to the Revenue and Customs, because the commissioner has no power over this government department.
Connecting for Health and the DoH must work with the Information Commissioner to ensure a robust scale of punishment for any security breaches to the care record system, as well as showing how the human factor can be minimised.
This system must be such that any NHS body where there is a failure will face a sanction that will adversely affect its budgets, so that there is a minimal chance of lax practices being permitted. Only then will the public and GPs be reassured.