Most GP systems will require security upgrades

  • 15 April 2008

The majority of GP clinical IT systems will not meet the Department of Health’s new data security requirements for transfer and storage of patient data and PCTs will need to fund the costs of extra encryption, according to Connecting for Health.

CfH’s programme director for GP Systems of Choice (GPSoC), Kemi Adenubi, has written to PCT and strategic health authority GPSoC leads to alert them to the latest requirements for secure storage and transmission of patient identifiable data and the need to meet the costs of additional encryption.

NHS chief executive David Nicholson ordered a review of NHS data security at the end of last year following the loss of confidential data on all recipients of Child Benefit by HM Revenue and Customs in November 2007. It advised trust chief executives to buy-in additional data security expertise if needed and to give priority to the security of data in transit.

This month’s letter from Adenubi states: “PCTs and practices have a responsibility to protect patient identifiable data in the practice and in transit. Most existing GP clinical IT systems do not currently provide the protection that will meet the Department of Health’s data security requirements.”

Adenubi says the SafeBoot encryption software recently bought by CfH on behalf of the NHS can be used to meet most of the encryption requirements in a practice but specialist encryption software will be required for back up tapes and for some types of personal digital assistants (PDAs) used to access clinical data.

GPSoC suppliers will be asked to offer services for the encryption of system back ups, data archives on portable devices and other portable electronic media and drives or desktops. Suppliers will also be asked to set out how existing processes for services such as back up tape verification and data migration will need to be changed to meet CfH requirements.

Adenubi’s letter adds: “NHS CFH will negotiate value for money pricing for these services centrally in the expectation that all practices will require back up tape and PDA encryption as a minimum. There is however no central funding for the purchase of these services and it will fall to PCTs to order and fund these services locally.”

Services should be to be available to order under the GPSoC agreements by the end of April 2008 according to CfH but if practices and PCTs do not want to wait that long they can choose to purchase encryption services from suppliers outside of the GPSoC arrangements. The GP suppliers’ current proposals for protection of patient data are outlined on the CfH website.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

GPs face EMIS IT outage at busiest time of the week

GPs face EMIS IT outage at busiest time of the week

An outage to the EMIS IT system caused “chaos” for GPs in England when access was cut off to appointment booking systems and patient records.
One in five GPs using AI tools in clinical practice, finds BMJ survey

One in five GPs using AI tools in clinical practice, finds BMJ survey

An online survey of UK GPs by the BMJ has revealed that one in five are using generative AI tools such as ChatGPT in clinical…
Pitchfest finalist Little Journey launches app at Walsall hospital

Pitchfest finalist Little Journey launches app at Walsall hospital

An app from Pitchfest finalist, Little Journey has gone live at Walsall Manor Hospital to help young patients prepare for hospital stays.