Security clampdown on NSTS batch deliveries

A clampdown on deliveries of unencrypted data sent by regular mail services has been announced by the NHS Strategic Tracing Service (NSTS).

The action announced by Connecting for Health, which is responsible for the NSTS, follows the now-notorious incident in which 25m personal records were lost in transit between HM Revenue and Customs and the National Audit Commission.

NHS organisations that send batches files to the NSTS have been told that all files sent on any physical media must be sent by special delivery or courier, not by recorded mail or standard mail. In addition the announcement says all batch files sent must be encrypted using the 256 bit advanced encryption standard (AES-256) algorithm.

“With effect from 9am on Wednesday 21 November 2007, if either of these criteria are not met the media will be destroyed upon receipt,” the announcement warns.

The NSTS is a national database of all patients in England and Wales used by authorised staff to obtain a patient’s NHS number and a range of up-to-date administrative information.

According to Connecting for Health’s website the NSTS provides three core services: batch tracing for large amount of patient data; online tracing for quick access to individual patient data and online reporting for analysis.

The webpage on access and security reads: “The NSTS database covers every patient registered with the NHS in England and Wales. This makes it the first ever national database accessible by the NHS. Security is therefore of the highest importance and there is a comprehensive security policy and access and security protocols, which govern how the NHS Strategic Tracing Service is used.”