Skip to main content

Patient Data

Volume 475: debated on Tuesday 6 May 2008

Data held electronically can be secured using encryption and other measures not applicable to old paper-based systems. The health service’s national programme for IT has particularly high levels of security because of the sensitivity of data held, and individual health organisations are responsible for complying with data protection rules.

Three hundred thousand patient prescription forms have been lost, junior doctor job applications have been found on the internet, a laptop with thousands of patients’ details has been stolen, and child benefit information affecting millions has gone missing. Does the Minister accept that patients do not have faith in the Government’s plans to put their personal details on an NHS database?

No. As I have already explained to the hon. Gentleman, the level of security on the national NHS IT system is second to none in the world. In fact, we get regular complaints from people saying that it is too secure, because it does not enable them to exchange the information that they need to make sure that patients are cared for properly. I also have to tell him that child benefit is not the responsibility of our Department. None the less, we do take data losses extremely seriously.

Since the problems experienced by Her Majesty’s Revenue and Customs, the chief executive of the national health service has reminded the managers of every trust in the country of their legal responsibility to comply with data protection rules. They are now obliged to publish quarterly reports on any serious data losses and to say what action they have taken to ensure that such losses do not happen again. The vast majority of the data losses that have happened, including the ones the hon. Gentleman referred to in his question, would not have happened under the level of security used by the national NHS system for IT.

Does my hon. Friend agree that the major problem we have with the NHS database is not the database itself, which is secure—probably more secure than the local bank—but the people who misuse it by downloading information and then carelessly leaving it in the backs of cars? Millions of our constituents have had their records stored electronically for decades, and it is about time we moved away from this negative debate about it, took the issue out of party politics, and recognised the work that it can do to help people, particularly those with chronic illnesses.

My right hon. Friend, who has done a number of reports on this issue and knows a great deal about it, is absolutely right. I regret that all too often in the debates we have about the subject, we lose sight of the enormous benefits of the good exchange of data on patient care. Patients get quicker, more reliable and much safer care, while the NHS saves a lot of money through not using the old, expensive and cumbersome paper-based systems.

My right hon. Friend is right. In an organisation that employs 1.3 million people—the biggest organisation in the world, I think, after the Indian railways and the Chinese red army—it is impossible to conceive of a situation in which some human failure could not lead to data loss. That is why it is important that every NHS employee is aware of their responsibilities. It is also important that those in hospital management are aware of their responsibilities, and make those clear to staff.