HC Deb 13 March 1989 vol 149 cc66-7W
Miss Emma Nicholson

To ask the Secretary of State for Health what precautions are taken to ensure the confidentiality of computerised individual personal Health Department files from unauthorised internal and external penetration.

Mr. Freeman

The Department of Health has taken a number of precautions against unauthorised internal and external breaches of the confidentiality of personal files held on computer. There is a continuing programme aimed at raising the awareness of staff of possible threats to this confidentiality and approximate countermeasures most of which involve additional physical security. Department of Health computer systems that contain personal details of indentifiable individuals are registered in accordance with the Data Protection Act.

Miss Emma Nicholson

To ask the Secretary of State for Health what steps have been considered to protect computerised departmental waiting lists from internal or external penetration.

Mr. Freeman

The responsibility for guarding against unauthorised access to information held on hospital computer files rests with individual health authorities all of which have been made aware of the requirements of the Data Protection Act.

The issue of specific guidance to hospitals on the security of computer systems, including those holding waiting list information, is currently under consideration.

Miss Emma Nicholson

To ask the Secretary of State for Health what techniques are used to protect, on-line computer-held departmental systems from unauthorised internal or external access.

Mr. Freeman

Currently, most Department of Health computer systems cannot be accessed on-line by other systems. Where on-line access is possible security measures appropriate to the sensitivity of the data held and the possible consequences of data corruption are taken. These include procedures for the security copying of computer-held information and physical checks of cabling and communications equipment.

All Department of Health computer systems are subject to physical security measures. The exact measures employed relate directly to the physical vulnerability of both the system type and its location.

Miss Emma Nicholson

To ask the Secretary of State for Health what advice is given by his Department to relevant health authority offices to secure their computer terminals against unauthorised penetration of the Health Department mainframe in London.

Mr. Freeman

The Department of Health mainframe computer in London has linked terminals within its own location and at two more Department of Health central London offices. No other terminals have access to the system.

Access from the linked terminals is controlled by use of suitable physical and logical security measures for the mainframe itself and for each terminal with validated access to information held on it.

Miss Emma Nicholson

To ask the Secretary of State for Health what record is kept of the use made of Departmental computer files.

Mr. Freeman

For Department of Health computer held information registered in accordance with the Data Protection Act, the rules of the Act apply. Where it is considered necessary, further controls are maintained relating to permitted access and regular checking of system usage.