Potential security flaw in NPfIT Choose and Book, the Sun reports

The Sun has reported on a potential security breach with the "Choose and Book" system - part of the NHS's National Programme for IT [NPfIT] - at a GP practice at Essex.

The paper has an editorial piece about the potential breach under the headline "Data Dunces".

The Sun reports that crooks may have accessed patient records. It said that a security card flaw has left the system open to abuse for two years. Sensitive medical details, addresses and National Insurance numbers of every patient in the country could have been seen by anyone in a GP surgery or hospital without using the special swipe card.

NHS Connecting for Health, which runs much of the National Programme for IT, said, ""We are aware of a local hardware fault experienced in a GP practice. It caused no breach of patient confidentiality and is being thoroughly investigated to ensure that this cannot happen again."

The Sun's editorial says:

"There is nothing more private than your medical records. Yet it seems anyone can access the NHS computer database. The government promised it could not happen. Yet a GP finds he can log in without security checks. Labour insist that the ID cards database will be totally secure. But how can we believe them?"

See Tony's IT Projects blog for more on NHS IT