§ Mr. BarronTo ask the Secretary of State for Health how many instances of unauthorised access to identifiable 527W personal health information have been recorded in each of the last three years; and how many of these were by access through IT equipment or NHS networks. [11474]
§ Mr. HoramThere is no central collection of statistics on recorded instances of unauthorised access to identifiable personal health information, whether via computer systems or paper records.
§ Mr. BarronTo ask the Secretary of State for Health (1) what assessment he has made of the adequacy of the NHS HealthNet network to meet the demands of healthcare professionals for the effective protection of identifiable patient health data; [11470]
(2) what progress his Department has made towards developing for NHS staff a code of guidance for protecting identifiable personal health information transmitted on NHS networks; and if he will make a statement; [11468]
(3) if he will place in the Library details of the security policy and technical specifications proposed for the new NHS HealthNet network. [11469]
§ Mr. MillerTo ask the Secretary of State for Health if he will make a statement on progress in developing policy on the secure management of identifiable personal health data to be transmitted on HealthNet. [11188]
§ Mr. Simon CoombsTo ask the Secretary of State for health (1) what steps he is taking to ensure that the confidentiality and integrity of patient data transmitted on the proposed HealthNet network will be maintained; [11680]
(2) what steps he is taking to ensure that bodies within the NHS implement security policies which protect the confidentiality of patients' personal health information transmitted on computer networks. [11681]
§ Mr. HoramOver the past two years the Department of Health sought advice from security experts and from representatives of the clinical professions, following which the national health service chief executive wrote to all health authorities and trusts in December 1995 enclosing the networking security policy, codes of connection and the security guide, EL (95) 108, copies of which are available in the Library.
The papers explain the measures taken to protect information when it is passing over the networking system. They also state that these measures must be matched by secure handling of patient information locally. The Department of Health will issue further guidance in the near future, covering both the protection and use of patient information, and the secure management of computer systems.