A Breach in NHS Trust?


Whether it is the latest iCloud scandal around a celebrity’s stolen photos or new found concerns over a lax approach to protecting patient records, a culture of mistrust is building around digital data and security. Beyond personal paranoia and wondering if our selfies are safe however, these views could be having a negative effect on our healthcare too.

The full digitisation of our patient data is already well underway, with the NHS having been set the challenge of going paperless by 2020. As this takes place, should we be concerned about our private medical information being vulnerable to cyber-attacks and breaches, as the leaking of the patient data of nearly 800 patients who had attended a London-based HIV clinic earlier this year might suggest?

Possibly. But whilst it is evident that more needs to be done to ensure data security in healthcare systems, what has been made equally clear is the vital importance of public engagement with these systems – meaning more also needs to be done to turn the tide of current cynicism.

The go-to example of a false starter in the world of health data is that of the NHS ‘care.data’ programme, designed to compile a central database held by the Health and Social Care Information Centre (HSCIC) of anonymised patient data taken from GPs, hospitals and care homes.

Among the several missteps taken by the project was its severely disappointing and ineffective communications strategy, which was widely criticised for having failed, in the run up to the programme’s launch, to properly communicate the potential risks posed to patients’ data.   

And that was before the news of any breaches reached the press to stir up public fear.

Speaking recently at the Cyber Security in Healthcare conference in London, Rob Shaw, chief operating officer at NHS Digital’s Data Security Centre stated that the ‘security and integrity of data in healthcare is absolutely critical’, pledging to drive a more security-conscious culture in the NHS going forward.

Certainly, a principal goal, as Shaw recognises, is to ensure rigorous systems are put in place and that those handling sensitive patient data are regularly trained to adhere to stringent security protocols. Security is a field which constantly sees new threats emerging; so fighting it must be an ongoing battle, not a case of training someone once and then resting on one’s laurels.

Aside from sorting the internal systems and processes, there is also a clear need for effective healthcare communications to engage with current concerns and to reassure patients and health care professionals alike that these systems can be trusted.

Beyond the endeavour to build public confidence, there are many under-explored opportunities to showcase how these systems offer numerous potential benefits to our struggling healthcare system, including allowing for greater efficiencies and cost-saving, easing the strain on resources and finances.

There is also the fact that having access to a large, central database of patient information can be an invaluable tool in the hands of healthcare professionals, revealing trends that smaller data sets would not necessarily show.

Potential aside, a move to a digital NHS is already well underway but it’s future success will depend very much on all the necessary stakeholders involved communicating positively, to secure the buy-in from the public, or risk another flop like care.data.