Government Publishes Response to National Data Guardian Review on Cyber Security and Data

Published on: 12th July 2017

The Government has announced wide-ranging plans to strengthen organisations across the NHS and social care against the threat of global cyber-attacks.

Investment in data and cyber security will be boosted above £50 million and will include a new £21 million capital fund which will increase the cyber resilience of major trauma sites.

To mitigate the immediate risks with cyber security NHS Digital is supporting local organisations by broadcasting alerts about cyber threats, providing a hotline for dealing with incidents, sharing best practice across the health and care system and carrying out on-site assessments.

Work is underway in parallel to determine the fastest and most cost effective way to support the NHS to move from unsupported operating systems, including Windows XP where use has fallen in the past 18 months from 18% to 4.7%.

The NHS contract has been changed so that NHS organisations are formally required to adopt data security standards as recommended by the independent National Data Guardian for Health and Care, including security training for staff, annual reviews of processes and extensive contingency plans to respond to threats to data security.

Chief executives will also be held to account for standards that are being implemented and maintained and this will be assessed during inspections by the Care Quality Commission from September this year.

Health Minister Lord O’Shaughnessy said: “The NHS has a long history of safeguarding confidential data, but with the growing threat of cyber-attacks including the WannaCry ransomware attack in May, this government has acted to protect information across the NHS.

“Only by leading cultural change and backing organisations to drive up security standards across the health and social care system can we build the resilience the NHS needs in the face of a global threat.”

The government has also announced plans to give patients and the public more access to, and control over, their personal data while building confidence in the importance of secure data to provide better individual care and treatment as well as supporting research and planning across the health system.

As the Chief Medical Officer’s recent report on genomics showed, better use of data and technology has the power to improve health outcomes, deliver better patient experience, transform the quality of care patients receive and support improvements across the health and social care system – now and in the future. Staff and patients will benefit from reduced bureaucracy, freeing up more time for patient care, and leading to more accurate diagnoses and more personalised treatment.

To strengthen the safeguarding of information, the National Data Guardian’s position will be put on a statutory footing and stronger sanctions will be introduced by May 2018 to protect anonymised data including severe penalties for negligent or deliberate re-identification of individuals.

Patients will also be able to make choices about sharing their data and information by simply opting out if they do not want their confidential data to be used for research and planning across the NHS.

Health Minister Lord O’Shaughnessy added: “Data already saves thousands of lives everyday across the NHS through direct patient care or research into cancer or rare conditions, but better use of information has the ability to further transform health and care for everyone. By implementing strong security standards and giving patients clear choices, patients can be reassured that their privacy is safe while they are making a direct contribution to unlocking new treatments and improving patient care.”

Dame Fiona Caldicott, National Data Guardian, said: “New technological advances offer extraordinary opportunities for patient data to be used to improve people’s individual care and to improve health, care and services through research and planning.

“We will only be able to harness those opportunities if the public trusts that the health and care system is doing all it can to keep patient data secure, to meet their expectations on confidentiality and to be transparent. I believe that the implementation of my recommendations will be an important step in this process and very much welcome the Government announcements today.”

Chief Medical Officer, Professor Dame Sally Davies said: “Technology has the potential to transform medicine forever but we need all NHS staff, patients and the public to recognise the huge potential of safe data use.

“Personal data must always be stored securely, but using it responsibly can bring huge benefits to patients and improve diagnosis and treatment across the world.”

Source: Department of Health

Back to top+