NHS data handling: Calls for independent audits

NHS trusts are being urged to introduce independent auditors to make sure they are keeping to guidelines to protect their handling of patient data.

It would mark a shift away from the current arrangements that see trusts responsible for carrying out their own "information governance assurance" self assessments.

silicon.com Public Sector

Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!

The potential change was revealed by Marlene Winfield, national patient lead for NHS IT body Connecting for Health.

She said the Department of Health had issued guidance to the local strategic health authorities urging them to consider bringing in independent auditors to examine health trusts.

Speaking at a Westminster eForum meeting on information security she said: "Every trust must carry out an information governance assurance self-assessment.

"The department has asked the strategic health authorities to consider moving to an independent audit from the self assessments."

She added that trusts must report any information assurance issues to their respective board and that any substantial breaches must be published.

Winfield acknowledged it would take time to encrypt all personal data on NHS computers but said trusts were taking intermediate steps to protect data.

She said: "We realise there is going to be a delay before everything is encrypted but we are relying on alternative measures and many more safeguards."

Winfield added that health trusts had suspended unencrypted bulk data transfers and brought in new training and disciplinary procedures for staff as part of a series of measures.