The NHS has formally adopted the BS 7799 code of practice for information security and laid down a tight deadline for its implementation.
Health organisations have been told that by June they will have to compare existing practices against the national standard and produce a compliance audit by December.
This is a huge challenge. BS 7799 is the security standard for government departments, but last autumn, two years after its launch, Computer Weekly revealed that only 37 UK organisations had gained accreditation.
A key component of the new NHS strategy will be a full public key infrastructure (PKI) that will be available for use across the NHS by April 2002.
The NHS's failure to deliver secure communications has been a major source of frustration in recent years, and this may continue if there is any problem with the PKI development.
A new cryptography strategy warns that any organisation considering an interim solution must ensure that any strategy has "an appropriate fit with expected cryptographic standards" or is "capable of cost-effective replacement or upgrade".