MPs want the Department of Health to provide more information on data security breaches in the NHS and to set out clearly the sanctions that staff face for breaking data security rules.

The House of Commons Public Accounts Committee made its recommendations as part of its second report on the National Programme for IT in the NHS.

The report concluded that the NHS Care Records Service was at least four years behind schedule and that NPfIT should be given six months to get care records systems into hospitals. After that, it said the DH should consider allowing trusts to choose their own IT and have it funded centrally.

On data security, MPs said patients and doctors had “understandable concerns” and that, whatever security provisions were put in place, they ultimately relied upon the actions of individual members of NHS staff.

They urged the DH and the NHS to set out clearly the sanctions that would apply in the event of staff breaching data security procedures and said they should report on their enforcement of those procedures.

The Committee said that, at the moment, the DH does not have a full picture of data security across the NHS, because strategic health authorities are only required to report the most serious incidents to it.

However, the report says the DH should also report annually on the level of ‘serious untoward incidents’, on any penalties that have been imposed on suppliers for security breaches and on the steps that are being taken to keep patient data secure.

Link: Public Accounts Committee – Second Report on the National Programme for IT