19 March 2010 | 17:44 GMT



NHS London orders data transfer review


17 Dec 2007

All deliveries of patient information in London have been halted, and the chief executive of NHS London has begun a review of data transfer arrangements after a CD containing details of 160,000 children was lost.

The encrypted CD, containing names, addresses and dates of birth, was lost in transit from BT to St Leonard’s Hospital, Hackney, in an incident that occurred on 14 November.

However, fears the CD could contain enough information to enable ID theft, or place children at risk, have been allayed thanks to BT and the NHS trust concerned – City and Hackney PCT – following NHS data protection procedures.

In line with Connecting for Health rules, the disk was protected using 256k encryption and sent by secure courier by BT to St Leonard’s Hospital IT dept. It was signed for by hospital staff but never reached the person in the IT department it was destined for.

BT, the local service provider for NHS IT in London, told E-Health Insider that because the disk failed to reach its destination, the pass phrase key needed to decrypt the disk was not issued.

A BT spokesperson said that the disk had not been located. “In this instance the encryption pass phrase would only have been released after one of two named individuals confirmed receipt. This was not confirmed so the encryption pass phrase has not been issued.”

The spokesperson said that BT has “cleansed the data” and was returning it to the PCT.

Asked why the data was sent on disk, rather than the secure NHS N3 data network provided by BT, the spokesperson said the trust had requested it be sent by disk. “The transport mechanism depends on what is the most convenient for the trust.”

Speaking to the Evening Standard, Ruth Carnall, chief executive of NHS London, said: “We take any breach of security very seriously”.

She said that with the strong encryption and password protection the risk of unauthorised persons viewing the data “is negligible”.

Carnall added: “I have asked for an independent review of all NHS data transfer in London and procedures are in place to stop this from happening again.”

© 2007 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Readers Comments

1

A good sign

17 Dec 07 14:20

Although it is obviously better in general to use the secure network, and it is reasonable to ask why the trust insisted on a disk, it looks like every reasonable precaution was taken by the sender to secure the data on this disk. This is a good sign that the message has got through to at least some of those handling patient data. The headline on this story is a little misleading.


2

What's to review

17 Dec 07 15:08

So what's the issue then? A CD was lost with patients' details, but with a high level of encryption. All but useless to the casual thief and undertaken exactly for this sort of eventuality.

And it's somewhere in the organisation, probably lost in internal mail so not exactly in the public domain. Also not a problem of using a Secure Courier.

So why the independent review rather than a local internal one? Why the profile except for a bit of scaremongering (look at the title)? There's been enough of a profile on this particular issue to make this article redundant.


3

N3 is NOT a secure network

18 Dec 07 14:22

Just to correct a common misconception that for some reason has common currency in the NHS, note that N3 is NOT a 'secure network'. If you require to secure information then you will require to encrypt


4

Not Secure?

stewart.smith@cd-tr.wales.nhs.uk

19 Dec 07 16:08

At a recent Information Governance conference in Sheffield, a speaker specifically stated that the English NHS network is secure. It doesn't guarantee delivery to the right person, but we were led to believe data is secure en route. Is it akin to Caldicott Safe Havens - the fax is secure on the way but you don't know for sure who is receiving it?


5

N3 and security

20 Dec 07 08:14

Just to re-iterate. The N3 network is not secure in its own right. In fact due to the decentralised nature of its management it can at times be worse than the internet itself.

The data on the CD was safer as it was encrypted to a higher level than the normal SSL/TLS data streams that Spine uses. Of course this all depends on the quality of the pass phrase used.

I find the issue of encryption interesting in the case of the NHS as the actual data is not necessarily time limited as it is with financial data. As an example, the fact that a person had a particular clinical event 30 years ago can be of equal if not more interest than on the day it occurred. The significance of this is that a 256 key is not readily crackable today but will be in future, which could have consequences for both the NHS and the individuals concerned at a future date.

This is where the debate needs to go ...


6

Secure

nhstechie@btinternet.com

23 Dec 07 20:32

N3 isn't intrinsically secure, but my understanding is that by default data is encrypted in transit. If delivered to the wrong recipient however they will be able to read it - the only way this is more secure than internet traffic is that the packets of data are encrypted, so if intercepted wouldn't be easily read.

NHSMail is supposedly secure, but again if you get the wrong Fred Bloggs - e.g. Fred.Bloggs@nhs.net instead of Fred.Bloggs2@nhs.net - it will be delivered and read. The only safe assumption is that a network is intrinsically insecure, password protecting and encrypting the data and giving the recipient the password and key via a different route - preferably using a different technology (e.g. phoning the info through).

My biggest worry is that, as a result of the mass media's knee-jerk reaction and inability to distinguish between the problem and the solution, we'll end up not sharing data again - leading to loss of life. Soham springs to mind, as does the Laming report.
