By Jeremy Nettle

Last Wednesday a panel of experts gathered at the 2nd International Summit on the Future of Health Privacy in Washington, DC. They all seemed to agree that the stakes are high when it comes to electronic medical records and privacy.

Electronic health records are a legal ‘game changer,’ and many of us who have lived and breathed Health IT recognise this. But as patients become more tech savvy and the push towards encouraging patients to be responsible for their own health intensifies, patients are beginning to not only expect, but demand that clinical information is shared and exchanged amongst those that are caring for them in order to receive the best health outcome.

So with increasing amounts of NHS organisations sharing data electronically in order to meet these demands, there is almost little surprise when just six months into this Jubilee and Olympic year, numerous headlines have showcased some large health data breaches.

Whether it’s outright theft, the actions of a disgruntled employee or overall carelessness, 2012 is already full of noteworthy breaches. And according to recent research the problem is clearly growing, not only in the UK but globally.

Yet the NHS is seeing an even more sinister twist and that is the affordability of the data breach fine. Earlier this year Aneurin Bevan Health Board became the first trust in the UK to be given a monetary fine for its data breach. Hot on its heels was Central London Community Healthcare NHS Trust and now Brighton and Sussex University Hospitals NHS Trust has been served a £325,000 penalty – the largest fine of its kind – after it allowed sensitive information about tens of thousands of patients to be sold on eBay!

Already the CEO of the trust is appealing against the penalty claiming that it “simply cannot afford to pay a £325,000 fine.”

This particular incident is even more interesting as it relates to a managed service. The trust’s IT provider sub-contracted the destruction of data on around 1,000 hard drives held in a locked key-coded room within the hospital.

The trust said no information actually got into the public domain, but the Information Commissioner’s Office (ICO) claims that no explanation has been given as to how the hard drives were removed from the premises. Apparently the individual authorised to destroy the discs did know the code for the door where the discs were stored.

Related post

Selling into the NHS; it’s not about luck, it’s about having the right approach

Mark Venables, chief executive of Highland Marketing, takes issue with commentator Roy Lilley, who argued it’s almost impossible to sell innovation to the NHS. Roy Lilley is a long-term observer of the NHS management scene…

Continue reading

The ICO’s deputy commissioner and director of data protection, David Smith, said: “The amount issued in this case reflects the gravity and scale of the data breach. It sets an example for all organisations – both public and private – of the importance of keeping personal information secure.”

Privacy and security form the bedrock on which the NHS can progress its current goal to provide better and sustainable healthcare so it must be raised high up the NHS agenda. However, getting the right information to the right people at the right time, in a form they can understand, engage with and contribute to, will help individuals take control of their own care, improving self management, shared decision making and more informed choices, as outlined in the recent Information Strategy.

As well as recognising the importance of providing safeguards around access to clinical records online, the NHS Future Forum received a clear message that not sharing information has the potential to do more harm than sharing it.

Unless action is taken to ensure privacy and information governance is simplified, then the future of electronic healthcare is at risk along with the reputations of healthcare providers, senior managers and clinicians. The NHS must protect patient data and use solutions that are now available which can monitor, detect and deter staff breaches of patient data. Scotland is leading the way, with Wales and some far-sighted English trusts not far behind. Yet many English NHS organisations have still not decided to confront the privacy issue, effectively hoping that regulators, police and patients’ lawyers never come knocking on their door!

Related post

Health tech communications in the second wave of Covid-19 – and beyond

The arrival of the novel coronavirus was shocking, but it had a positive impact on the uptake of technology in the NHS. Now, as the health service prepares for winter and a ‘reset’ next spring,…

Continue reading

The following two tabs change content below.
Jeremy Nettle

Jeremy Nettle

Industry Advisor
Jeremy is one of the best-known and most experienced figures in healthcare technology, having worked in the sector for more than thirty years.

He started his career as a clinician in the NHS and went on to become IT director at Salisbury Healthcare NHS Trust from 1997-2002. From there, he moved into the private sector when he joined Lockheed Martin as director of business development within the public sector; a new sector for the company.

Jeremy went on to work for Intellect (now techUK) as chair of the Health and Social Care Group, giving a voice to more than 260 suppliers on IT policy issues, before joining Oracle as director of business development, EMEA healthcare and then global client advisor for Health and Life Science.

Jeremy is now semi-retired, but still works as a health and social care business advisor and sits on the board of companies, educational organisations and charities. Since January 2019, he has also chaired Highland Marketing’s advisory board, which is available to the agency and its clients for advice and support on effective communications and marketing.

Want more articles like this one?

Our free newsletter drops into your inbox every Friday to bring you...
  • Industry news
  • Essential analysis
  • Unmissable interviews
  • HM blog posts, tips and advice

Sign up:


Leave a Reply

Find out how we can help your business

Get in touch