The NHS has been criticised by the Information Commissioner over its data protection failings.

According to eWeek, the NHS has received a letter of warning from the office of the Information Commissioner, Richard Thomas, who asked the Department of Health to tighten up policy on the control of patient information.

However, a report by the Guardian claimed that patients will be allowed to delete electronic summaries of their treatment records from a new national medical database. Until recently the Department of Health had resisted pressure to delete records, with officials describing the cost of deleting individual summary care records from the system as 'prohibitive'.

Instead it had offered to 'mask' or 'suppress' unwanted files to make them difficult to access, a process that would nonetheless leave personal details on the database.

Don Smith, technical director at dns, said: “The NHS holds large amounts of sensitive patient data and so to have over 140 breaches in four months is unacceptable. Patients should be angry about these incidents as it appears the high profile and costly breaches that have appeared in the press over the past year have had no effect on some organisations' IT security strategy.”

David Harley, director of malware intelligence at ESET, said: “There is certainly a lot wrong with NHS security, and some of those million+ people have made massive blunders, but the service still employs a great many competent and motivated people who don't deserve to be treated as a political football and national scapegoat by a government and society that's still struggling with the difficulties of online culture and finding its own place in the modern world.”