NPfIT politics and the NHS smartcard security breach

It’s interesting that NHS Hull promptly answered all my questions about the breach of smartcard security until I mentioned the use by the trust of NPfIT systems.

Then all went quiet.

It may be worth noting that NHS Hull and Connecting for Health have worked closely on research aspects of the NPfIT for several years.

The former employee who is being investigated by police at Humbersidehad authorised access to anonymised medical e-records but not to identifiableindividual files.

That he did access identifiable information anyway may be a reminder that the problem of making identifiable medical records wholly anonymous has yet to be cracked.

Managers in Hull say they are “appalled” thatthe former employee violated the confidentiality of records.

Thisis an example of NHS Hull’s work with NHS Connecting for Health on the NPfIT Secondary Uses Service, which holds patient records in identifiable form. Thetrust has “evolved” an architecture for processing SUS data and hasbeen working to support the data’s pseudonymisation.

On theimplementation of pseudonymisation, NHS Hull lists problems and issuesas:

– Submission of anonymous/pseudo data

– Reconciling SUS/CDS [Commissioning Data Set] and SUS/PbR [Payment by Results] and SLAM

– Continued development of data warehouse

– Training in technology:

  – SQL Server 2005 environment
  – Database Security

TPP, the supplier of SystmOne, said in a newsletter that NHS Hull has a “long history with the National Programme for IT”.

If officials are proud of this work on the NPfIT, why do they not wish to answer any questions now about it?

Perhaps it’s because the breach at NHS Hull is a reminder to CfH that no system is 100% secure and that the bigger citizen databases get the harder it will be to stop knowledgeable insiders browsing them.


Anger after medical records are viewed without permission –

Police probe NHS Security – Centennial blog