The government plans to appoint a senior security director to oversee IT security across the whole of the NHS' ambitious national programme for IT (NPfIT).
NHS Connecting for Health, the government agency behind the programme, has appointed head hunters to identify potential candidates for the sensitive post of director of IT security and information governance.
The NPfIT has faced criticism from GPs in recent weeks over IT security and the confidentiality of patient data (Computer Weekly 7 February).
Last week Hamish Meldrum, chairman of the British Medical Association's General Practitioner Committee, and Mayur Lakhani, chairman of the Royal College of General Practitioners, wrote to Connecting for Health, which runs the NPfIT, raising concerns about data security.
Connecting for Health has launched an investigation, but said it had not been able to reproduce the security failings highlighted by the GPs.
"Patient safety and security of information are the two highest priorities for NHS Connecting for Health, and we have looked into this matter carefully and are taking it seriously," a representative said.
The job description for senior security director issued by NHS Connecting for Health states, "The programme will deliver an integrated IT infrastructure to support 21st-century systems for all the NHS organisations in England by 2010.
"There is currently a need to recruit an ambitious, highly-skilled technology professional to enable the successful delivery of the programme."
The security director, who will report at board level, will be responsible for developing and implementing an information governance programme, including confidentiality, as well as data integrity and data protection for both the NHS and the national programme.
This will mean liaising with bodies including the Information Commission, the Audit Commission, and the Healthcare Commission, to certify that the Information Governance strategy meets local and national targets.
The NHS has hired recruitment company Harvey Nash to look for senior IT security and information governance specialists with at least five years' experience within a large organisation, and practical experience of governance and security on major technology programmes.
Harvey Nash described the appointment as sensitive, and said it was unable to discuss how far the recruitment process had progressed.