Council criticises IT security of Summary Care Records

A local authority has formally raised concerns about the lack of IT security of the Summary Care Records scheme, which is part of the £12.7bn NHS National Programme for IT (NPfIT).

A local authority has formally raised concerns about the lack of IT security of the Summary Care Records scheme, which is part of the £12.7bn NHS National Programme for IT (NPfIT).

Milton Keynes Council has also reminded its residents that they can choose not to have a summary care record created for them.

A national roll-out of summary care records is already underway. Patients across England are beginning to receive information packs on the benefits of the records and, if they take no action, some of their medical data, as held by their GP, will be uploaded to a central Summary Care Records database run by BT.

The British Medical Association (BMA) has called for a halt to the government's "rushed" roll-out of the Summary Care Records. Many GPs do not want to send information to a central system unless their patients have consented to the upload.

For the Department of Health and NHS Connecting for Health, the success of the Summary Care Records roll-out will depend, in part, on a low opt-out by patients. The co-operation of GPs is also needed, before medical information from their practices can be uploaded.

Electronic records concerns

So far, local authorities have stayed out of the debate over whether patients should opt out. Milton Keynes is the first council to take a stance.

At a council meeting on 9 March the council noted that its local Primary Care Trust was currently writing to all patients registered with a Milton Keynes doctor about creating national summary care records.

A majority of the councillors - comprising Liberal Democrats and Conservatives, but without Labour support - agreed to note that:

  • Groups such as NO2ID have expressed concern that summary care records may be joined with a national identity database;
  • Electronic records are open to hacking or misuse by non-legitimate parties for personal gain;
  • A much higher level of data security will be required before the public can have confidence in such systems.

As a formal resolution, the council agreed to remind residents that they can "opt out of having a summary care record created for them".

The council also decided to ask its officials to "urgently provide a written report to the Cabinet addressing the areas of concernwith the potential of making written representations to both the Primary Care Trust and the two members of parliament for Milton Keynes, if it is considered necessary".

Under no overall control, Milton Keynes Council is currently governed by a Liberal Democrat minority administration, with Labour party support. The Conservative party is in opposition.

More than 50 million people in England are due to have a summary care record. But one GP practice has so far had an opt-out rate of about 20%.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...