Patient data could be vulnerable in new NHS database

News by Doug Drinkwater

The National Health Service is to start saving patient data onto a centralised database, but with improved manageability comes concerns over potential breaches and data losses.

The NHS has started posting leaflets to UK households on its intention to save and store all GP patient data at a centralised database.

The leaflet invites patients to opt out of the programme if they wish. The data is collated by the NHS Health and Social Care Information Centre (HSCIC) in a bid to improve analysis of trends that could help plan future health services.

The HSCIC, perhaps anticipating concerns over data protection considering the number of NHS data breach incidents over the years, says that the centre is a “safe haven” but that hasn't reassured the infosec community concerned that the database will be susceptible to data breaches and losses, even from inside the same organisation.

 “As plans go up a gear on creating and making available aggregated, but still sensitive, patient data for research and commercial purposes, security is bound to be on the agenda of the NHS or this grand project is going to go nowhere,” Marc Lee, Director EMEA at risk management company Courion, told

Lee went onto urge the NHS to implement “stringent access risk analysis”, and voiced concerns that the end user is likely to the biggest concern.

“While there will much attention paid to external defences, critical to maintaining public trust in the database is how widening legitimate access to patient data must come with tough but smart identity access management strategies.  

“The truth is the majority of serious data breaches use stolen or misused legitimate access privileges,” he said. “So even the most imposing firewall defences can be sidestepped. Patients will be more reassured if the NHS followed the strategic starting point embraced by digital savvy businesses: anything that can be stolen will be stolen.”

IDC's Andy Buss, the consulting manager for Europe on data center infrastructure and client devices, told that while the move does “make sense” from the perspective of storing and sharing data, there are numerous security implications.

“There are challenges on how to guarantee the security and privacy of the data, and questions on how it works,” he said. Buss suggested too that GPs will likely use other solutions if the database proves unsuccessful.

“It takes many years to roll-out a centralised system and there are always parallel systems used to get on with business. There's a worry that the new system becomes partially used and bypassed.”

The IDC analyst said that a relative lack of standards, an issue raised on the topic of data exchange in a recent Health Information and Management Systems Society (HIMSS) report, is a worry in light of regular data thefts and losses, and stressed the importance of the new system employing encryption, synchronization back to the database, and utilising user privileges and tools which can track access.

Buss, like Lee, added that the end user will most likely be the biggest concern.

“There will always be risks, it's just about reducing the variants. One of the biggest threats is hacking, which while not necessarily an area where money can be made, can result in extortion and insurance implications.

“But the usual threat is that people make mistakes. Human error is always one of the biggest reasons for data leaks.”


In an email to, a HSCIC spokesperson outlined the security measures in place for the new NHS database:

“All confidential data is held on secure servers in secure data centres, which only authorised personnel can access,” a spokesperson said.

“Staff who require access to confidential data held either on the secure servers or in a different format, can only access it where they have a business justification for doing so and met required access controls. Data is kept no longer than necessary. We have plans in place to recover and restore information and services in the event of a disaster.



“We remove any personal details (such as NHS numbers or dates of birth) from data held by the HSCIC as soon as possible, wherever possible, and confidential data is encrypted whilst in transit or transported by secure courier if it cannot be transported electronically.”


The spokesperson added that the department's performance on information security is independently measured against the ‘NHS Information Governance Toolkit', which checks data is being handled correctly and is safe from loss, damage, destruction and unauthorised users (its recent toolkit score was 98 percent).


Confidential data is said to be securely stored within the HSCIC and in according with the statutory and mandatory requirements such as the Data Protection Act 1998 and the Information Security Management NHS Code of Practice.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews