The Department of Health does not wish to be told of day-to-day breaches of security, the head of the NHS's National Programme for IT [NPfIT] has told MPs.
David Nicholson, chief executive of the NHS and senior responsible owner of the NPfIT, was being questioned by a Labour MP Don Touhig about the IT programme and the security of its databases of medical records, at a hearing of the Public Accounts Committee earlier this month.
Nicholson told the Public Accounts Committee that NPfIT's systems were "more secure than internet banking".
But Touhig, a former Labour Defence minister, said Nicholson's assertion was "recklessly courageous".
Touhig made it clear that he was concerned that NHS organisations are not compelled to notify Connecting for Health, which runs much of the NPfIT, of all security breaches.
He questioned whether Connecting for Health, which runs the NPfIT, would know if security measures were working properly if they were not told of all incidents.
But Nicholson said that NHS trusts report day-to-day security breaches in their annual reports. Any major incident in which many records may be lost must be reported to Whitehall, he said