Nicholson reinforces encryption message

NHS chief executive David Nicholson has asked NHS chief executives to check that their organisations are encrypting all removable data.

In a letter to the NHS, Mr Nicholson asks chief executives to “conduct a review to ensure your organisation has fully implemented the policy that all removable data must be encrypted” and that it is following the recommendations of the Cabinet Office’s Data Handling Review.

Mr Nicholson reminds chief executives that NHS Connecting for Health has made McAfee’s SafeBoot encryption software available “at no cost” to trusts.

He says “there are still more than 200 NHS trusts that have not yet taken advantage of the software.” Although “it may be that other, locally procured software is being used”, he says chief executives should check their organisations “are using encryption appropriately.”

The letter deals in detail with encrypting PACS images on CDs and back-up tapes and says NHS Connecting for Health is working with PACS suppliers and McAfee to enable encrypted CDs to be burned directly from PACS systems.

It also says that a nationally scaled solution for PACS file transfer will be in place by January 2009. “This will allow any file between 20MB and 1GB to be transferred securely across N3 (smaller files can be transferred via NHSmail),” it says.

The letter further details with the security of GP systems and reminds trusts that they must report serious untoward incidents relating to data loss when they happen. Finally, it draws the attention of chief executives to the data sharing review published this summer by Information Commissioner Richard Thomas and Wellcome Trust director Mark Walport.

The Information Commissioner’s powers have been strengthened as a result of government action following HM Revenue and Customs’ loss of 25m child benefit recipients’ details last year, Mr Nicholson points out. Fines of up to £500,000 can now be imposed on bodies or individuals who know about information risks but have not taken reasonable and appropriate steps to deal with them.

Survey: E-Health Insider has today launched a survey on the security of mobile devices.

The survey, sponsored by Credant, explores whether NHS organisations have revised their security policies following recent security breaches and what action they are taking to support or enforce them. 

It also seeks to assess awareness of policies and whether people are continuing to carry unsecured, sensitive information on mobile devices in spite of them. 

"Data security is at the top of people’s to do lists at the moment, as David Nicholson’s letter demonstrates," said EHI editor Jon Hoeksma.

"However, the issues are complicated and have at least as much to do with staff behaviour as technology. This makes this survey very timely."

To participate in the Survey on Mobile Device Security, click below:

http://www.zoomerang.com/Survey/?p=WEB228AJSK6Q3C