NHS cloud-based records may put patients at risk

NHS patient data could soon be heading online, as a London hospital pilots a project to host clinical records in the cloud - sparking fears confidential data could fall victim to hackers and identity thieves.

The trial, being launched by the Chelsea and Westminster Hospital, will see patient records stored online, rather than on computers in individual hospitals or GP surgeries, helping to reduce the cost of implementing the NHS's troubled National Programme for IT (NPfIT).

Hosting patient data in the cloud will enable it to be accessed remotely by doctors and patients. Patients using the system will be able to control who gets to look at their data, and can invite specialists to look at their results.

But that same flexibility has given rise to fears that highly sensitive personal information could fall into the hands of hackers. A string of high-profile security breaches at the hands of hackers including recently-disbanded outfit LulzSec, has seen individuals' data outed online, and credit card details stolen from more than 100 million users of Sony's PlayStation Network (PSN).

Earlier this month, LulzSec claimed in a post on micro-blogging site Twitter to have snatched a number of NHS administrator passwords and compromised health service computer systems, although no data was stolen.

Chelsea and Westminster's two-year pilot project has been developed by Scottish contractor Flexiant, alongside Edinburgh Napier University, and will allow patient info to be accessed via "a range of device", including computers and mobile phones. To begin with, the trial will use simulated patient data.

Flexiant founder Tony Lucas said: "For the first time patients can have control over their treatment and their records and that is enormously empowering."

If implemented more widely, cloud-based storage of patient records could help to significantly reduce spending on the NHS NPfIT, currently estimated at £11.7 billion.