The Information Commissioner has identified GPs as a data security risk, according to David Nicholson, chief executive of the NHS.

Nicholson has written to NHS chief executives, asking them to check that their organisations are encrypting removable data and re-emphasising that information risk management should be high on their agendas.

In the letter, Nicholson also says that Information Commissioner Richard Thomas has identified a risk relating to “the dispersed nature of GPs and their independent status.”

The letter adds: “Each practice is legally responsible for holding data securely and we are looking at the national contract and considering how best to secure compliance with standards through contractual means in the future.”

In the meantime, he says primary care trusts should be reminded to conduct a risk assessment on the transport of patient identifiable data.

He adds that NHS Connecting for Health has negotiated “significant reductions on licence and installation prices” for back up tape encryption services under the GP Systems of Choice framework. PCTs are asked to order such services by the end of September so that a deadline can be set for installation across all PCTs.

Nicholson sets out a series of other steps PCTs should take to ensure data security at GP practices including:

• ensuring all practices sign a statement of compliance for key security requirements

• ensuring all practice use the NHS information Governance Toolkit

• making sure all practices are aware of the availibility of free encryption software for removable data

• encouraging all practices to move to NHSmail and making practices area of the N3 network and Gpo2Go for the transfer of data.

Survey: E-Health Insider has launched a survey on the security of mobile devices.

The survey, sponsored by Credant, explores whether NHS organisations have revised their security policies following recent security breaches and what action they are taking to support or enforce them. 

It also seeks to assess awareness of policies and whether people are continuing to carry unsecured, sensitive information on mobile devices in spite of them. 

"Data security is at the top of people’s to do lists at the moment, as David Nicholson’s letter demonstrates," said EHI editor Jon Hoeksma.

"However, the issues are complicated and have at least as much to do with staff behaviour as technology. This makes this survey very timely."


To participate in the Survey on Mobile Device Security, click below: