Skip to main content

In wake of debacle, HSCIC comes up with secure patient data platform

NHS England's emerging focus for patient data collage, the Health and Social Care Information Centre (HSCIC (opens in new tab)), is planning to develop a patient data security programme.

The Centre, set up in April 2013 as a body responsible for the safe and secure handling of healthcare IT systems and information for the NHS, has come under fire for its part in the now on-hold ‘’ plan (opens in new tab).

The news comes after Health Secretary Jeremy Hunt (opens in new tab) wrote a letter to the organisation asking it to ensure that all patient information is held and used securely (opens in new tab) across the entire health care system in wake of’s controversy.

“As we move towards a more comprehensive system I believe we must use this opportunity to better understand current and future threats to data security and use this information to inform better practices in the area,” claimed Hunt in his letter.

“I would therefore like HSCIC to develop plans to ensure that those entrusted with confidential data – all care settings, commissioning organisations and the staff that work in them – are doing all they can to protect patient data,” he added.

The Health Secretary also wrote that a means to test the extent to which current procedures are being followed needs to be developed, as well as collaboration with other organisations to provide assurance about the safety of patient data.

In response, HSCIC wrote to Hunt, detailing proposals to establish a programme that will ensure security of data across the health and social care system.

“The objective of our proposals is twofold. First, to ensure that all health and social care professionals and the organisations they work for, recognise and implement their responsibilities under the existing framework of law and regulation,” HSCIC wrote in its letter (opens in new tab).

“Second, to ensure that the performance of these responsibilities is transparent and subject to both public and independent scrutiny,” the organisation added.

The five arms of HSCIC’s suggested measures

HSCIC claims its proposal covers five areas:

  • strengthening compliance with certification to prove commitment to data security
  • meeting with organisations to ensure meeting data security and information governance requirements are prerequisites for health services
  • giving healthcare organisations access to the best available resources for security
  • a programme of independent audit
  • establishing a national security strategy.

HSCIC’s letter to Hunt also reveals that it intends to work with its health and care partners, such as NHS England (opens in new tab), Monitor (opens in new tab), CQC (opens in new tab) (Care Quality Commission) and NHSTDA (opens in new tab) (NHS Trust Development Authority).

The organisation says its aim is to update the Health Secretary of the progress of the proposals on an annual basis, starting from March 2015.

Data security is currently a largely debated topic in the healthcare industry as NHS England attempts to create a centralised database of patient information with its scheme (opens in new tab).

In February, the launch date of this programme was delayed by six months (opens in new tab), following concerns that the public had not received enough education and many were concerned about the privacy of their information.

© (opens in new tab)