Skip to main content

NHS Patient Database

Volume 454: debated on Wednesday 13 December 2006

To ask the Secretary of State for Health what action has been taken to secure the proposed NHS patient database against computer hacking and other data theft. (103958)

All systems and services delivered through the national programme for information technology incorporate stringent security controls and safeguards to prevent unrestricted or uncontrolled access to personal information.

Any attacker who had access to the N3 network would have to break through three separate layers of tiered architecture, each of which is protected by twin firewalls of different manufacture, in order to access the database. The firewalls are supported by intrusion detection systems, and other multiple security measures, which routinely monitor network traffic and alert on detection of suspicious activity.

There are four separate levels of control to protect against the danger of data theft by a legitimate N3 user. The first is provided by the requirement that all users must have a smartcard. Smartcards are secure tokens that, together with a password, confirm the identity of staff and determine access rights to information. They are issued only when satisfactory evidence of identity and residence is provided in person by staff, and provide a unique digital identity that enables the system to know precisely who each user is. These arrangements conform with the e-Government Interoperability Framework (eGif) Level 3 standards for the registration and authentication of staff.

The second control is that staff will only be able to access as much information as is needed for the purpose of their role within the healthcare team. For example, a receptionist will be able to see information about an appointment, but would not be able to look at detailed clinical records.

The third control is that the system will not permit anyone to access clinical information unless they are registered within the system as working in a team that is providing the individual patient concerned with care, or are checking the quality of care provided. This safeguard is known as the ‘legitimate relationship’ safeguard.

The fourth control is provided by staff who oversee compliance with security processes. A record is kept of user activity within the system. If an irregularity is suspected these staff will be alerted automatically and will investigate the incident.

Over and above these implemented safeguards, the NHS maintains an effective liaison with the UK's information security authorities and others for the sharing of relevant advice and guidance on known information security threats and vulnerabilities.

Together these safeguards will provide an unprecedented level of assurance compared with existing electronic systems.