Medical Records: Data Protection

Volume 474: debated on Wednesday 26 March 2008

To ask the Secretary of State for Health if he will publish the report of the independent evaluation of the security of the care records system. (195840)

NHS Connecting for Health insists that penetration tests are conducted on suppliers' systems that connect to the national infrastructure. Where weaknesses are identified that would lead to a breach of confidentiality, integrity or availability they are corrected before the systems are brought into service. The outputs from these tests are commercially confidential between the supplier, the evaluator and NHS Connecting for Health. NHS Connecting for Health does, in line with best practice, review the security infrastructure of the National Programme for IT (NPfIT) to allow it to be maintained in line with new technologies and emerging threats. These reviews are conducted on an ongoing basis by both internal security specialists and independent evaluators. The recommendations from these reviews are not made public to avoid compromising security arrangements and to avoid potential criminal exploitation of the information.

The NPfIT has adopted the highest levels of security. The NPfIT contracts require suppliers to comply with comprehensive and detailed security requirements in line with international standards (ISO-27001).

To ask the Secretary of State for Health whether patient data contained in limited data sets of the secondary uses service are fully anonymised. (195841)

Patient data contained in the limited, commissioning, data sets of the Secondary Uses Service are not fully anonymised, as the data are required for some core national health service business purposes.