ICO will get new powers to keep the NHS in line over data security

The ICO (Information Commissioner's Office) will be given new powers to keep the NHS in line when it comes to patient data.

This all comes hot on the heels of a controversial episode whereby an NHS contractor, PA Consulting, was found to have uploaded a ton of patient data to be crunched by Google in the cloud, to save time rather than using the firm’s own private servers. Private being the key word, of course, as privacy activists were very much up in arms about patient data being chucked cloud-wards.

As SC Magazine notes, there have been other claims that hospital records are being misused in the private sector, with firms, for example, apparently employing them to suss out marketing strategies across social networks.

So Justice Minister Simon Hughes has announced that the ICO will have the power to conduct “compulsory audits” on the NHS, in order to better monitor how the health service is treating patient data.

This isn’t happening now, but rather the Information Commissioner will be granted this ability come the autumn.

PA Consulting stringently denies having done anything wrong, meanwhile, and stressed that all the patient data which was processed in the cloud was anonymous, with the records not having any names attached, or dates of birth, addresses, NHS numbers or any other identification means.

The firm said that the data in question “does not contain information that can be linked to specific individuals and is held securely in the cloud in accordance with conditions specified and approved by the NHS.”

It added: “Our approach protects patient confidentiality and allows insights to be derived at significantly lower cost, and 100 times faster, than any traditional approach.”

A couple of weeks back, the NHS delayed the rollout of Care.data, the controversial data sharing initiative, and instead of coming next month it’s now slated for the autumn.

Care.data is set to be a repository for medical information on patient’s past illnesses, medication and other important records, but the fear is that this national database could be open to hacking and exploitation, and could potentially further diminish the trust in the NHS.