The Department of Health does not wish to be told of
day-to-day breaches of security, the head of the
NHS's National Programme for IT [NPfIT] has told MPs.
David Nicholson, chief executive of the NHS and senior
responsible owner of the NPfIT, was being questioned by Labour MP
Don Touhig about the IT programme and the
security of its databases of medical records, at a hearing of
the Public Accounts Committee earlier this month.
Nicholson told the Public Accounts Committee that NPfIT's
systems were "more secure than internet banking".
But Touhig, a former Labour Defence minister, said Nicholson's
assertion was "recklessly courageous".
Touhig made it clear that he was concerned that NHS
organisations are not compelled to notify
Connecting for Health, which runs much of the NPfIT, of all
security breaches.
He questioned whether Connecting for Health, which runs the
NPfIT, would know if security measures were working properly if
they were not told of all incidents.
But Nicholson said that NHS trusts report day-to-day
security breaches in their annual reports. Any major incident
in which many records may be lost must be reported to Whitehall, he
said.