Skip to main content

In wake of debacle, HSCIC comes up with secure patient data platform

NHS England's emerging focus for patient data collage, the Health and Social Care Information Centre (HSCIC), is planning to develop a patient data security programme.

The Centre, set up in April 2013 as a body responsible for the safe and secure handling of healthcare IT systems and information for the NHS, has come under fire for its part in the now on-hold ‘’ plan.

The news comes after Health Secretary Jeremy Hunt wrote a letter to the organisation asking it to ensure that all patient information is held and used securely across the entire health care system in wake of’s controversy.

“As we move towards a more comprehensive system I believe we must use this opportunity to better understand current and future threats to data security and use this information to inform better practices in the area,” claimed Hunt in his letter.

“I would therefore like HSCIC to develop plans to ensure that those entrusted with confidential data – all care settings, commissioning organisations and the staff that work in them – are doing all they can to protect patient data,” he added.

The Health Secretary also wrote that a means to test the extent to which current procedures are being followed needs to be developed, as well as collaboration with other organisations to provide assurance about the safety of patient data.

In response, HSCIC wrote to Hunt, detailing proposals to establish a programme that will ensure security of data across the health and social care system.

“The objective of our proposals is twofold. First, to ensure that all health and social care professionals and the organisations they work for, recognise and implement their responsibilities under the existing framework of law and regulation,” HSCIC wrote in its letter.

“Second, to ensure that the performance of these responsibilities is transparent and subject to both public and independent scrutiny,” the organisation added.

The five arms of HSCIC’s suggested measures

HSCIC claims its proposal covers five areas:

  • strengthening compliance with certification to prove commitment to data security
  • meeting with organisations to ensure meeting data security and information governance requirements are prerequisites for health services
  • giving healthcare organisations access to the best available resources for security
  • a programme of independent audit
  • establishing a national security strategy.

HSCIC’s letter to Hunt also reveals that it intends to work with its health and care partners, such as NHS England, Monitor, CQC (Care Quality Commission) and NHSTDA (NHS Trust Development Authority).

The organisation says its aim is to update the Health Secretary of the progress of the proposals on an annual basis, starting from March 2015.

Data security is currently a largely debated topic in the healthcare industry as NHS England attempts to create a centralised database of patient information with its scheme.

In February, the launch date of this programme was delayed by six months, following concerns that the public had not received enough education and many were concerned about the privacy of their information.