Security Experts Welcome Online NHS But Warn of Potential Pitfalls

Threat mitigation specialist Cryptzone has welcomed the news that the Department of Health plans to relocate NHS patient data and services online in the near future, but is warning the government that a high-level of security is necessary to inspire the kind of public confidence needed to make the initiative a success.

The firm says it foresees patients welcoming the introduction of an online portal for routine requirements like booking appointment and requesting repeat prescriptions, but that fully digitalising the storage of vast amounts of potentially sensitive personal information requires a rigorous security system.

Concerns and Cuts

The principle worries are that the public will see the project as part of the government's cuts programme, and that it might not be possible to fully computerise the more sophisticated end of the primary health care spectrum in the way the Department of Health has indicated.

In both cases, the general population could lose faith in the progressive changes being made if there is not an adequate level of communication and realistic level of expectation.

"Promoting flexibility and local innovation to harness information and new technologies may sound attractive, but the constant drive for cost-cutting has resulted in a lowering of confidence," says Grant Taylor, UK Vice President of Cryptzone.

"Whilst the technologists amongst us understand that the security - and IT systems - are potentially scalable, we have seen too many failures where NHS technology are concerned," Mr Taylor adds.

Education, Education, Education...

A security sandbox separating individuals' computers and the centralised patient data system is being touted as the obvious solution, though some commentators wonder whether the technology will be able to scale up to cope with the colossal amount of activity the service will invariably see.

Understanding and competence on both sides of the equation is being highlighted as essential. Less IT savvy members of the public will have to grasp exactly how their information is being protected, while NHS staff must be adequately trained to maintain the system's security barriers at all times.

Taylor contends that this requires a complete culture shift in the way patients, healthcare users and NHS professionals work and interact on the technology front.

"Most current NHS IT systems do not even record information in the same way, so merging data systems can only be a long term aspiration. I have grave doubts as to whether the public have enough confidence in IT security to embrace an electronic healthcare revolution any time soon," he says.

Learning From the Banks?

Some analysts are encouraging the government to look to the successes of online banking as an example of how highly sensitive information can be stored and accessed in a digital environment.

But a key difference exists in that high street banks did not have an issue with public confidence when online banking was first being rolled out - the NHS does.

In April, the South London healthcare trust was reported to have lost two unencrypted USB sticks containing the medical details of around 630 patients, including children. The trust was also recently fined for sending 45 faxes to the wrong person.

An Important but Difficult Moment

As the government is also toying with the digitalisation of other public and social services, it is essential that any lab-ratting done at this stage is viewed as a success.

The modernisation of data management systems is promising, but both the government and healthcare provider must obtain an implicit mandate from the public before this particular dream can come out of the pipe. For the NHS, it is a relatively uncomplicated matter of making less costly blunders less often.

It is more complex for the politicians. The last decade has bred a considerable degree of cynicism when it comes to Westminster-led programmes and its institutions, with this particular government not exactly boasting a reputation for affecting dramatic change.

What a shame it would be if such attitudes were allowed to curtail a potentially revolutionary change in how our health care service is managed. Still, it is not unwise for any optimism to remain cautious at this stage.