E- Health Primary Care E-Health Europe E-Health Jobs (UK only) E-Health Insider Events
Email: Password:   Register | Why Register?
HOME | CONTACT | NEWS ARCHIVE | DOCUMENT LIBRARY | FEATURES | COMMENT & ANALYSIS | EVENTS | RESEARCH REPORTS | CASE STUDIES | FORUMS

NHS chief execs may be accountable for data loss

28 Apr 2008

The Information Commissioner has backed proposals by cabinet secretary, Sir Gus O’Donnell to hold senior Whitehall figures and NHS chief executives personally responsible if their department or trust loses or mishandles personal information.

Speaking at the Infosecurity Europe conference in London last Tuesday, Information Commissioner Richard Thomas said he has seen a draft of O’Donnell’s report and backed its proposal to make senior civil servants responsible for all issues relating to issues of accountability and information governance.

He said: “It has to be the likes of chief executives of NHS trusts and permanent secretaries who are held accountable when things go wrong.

They can't simply make assumptions that everything is in the hands of the techies.” Richard Thomas

Sir O’Donnell is expected to release his report on data security to parliament next month, which was commissioned by the Prime Minister in the wake of the loss of 25m child benefit claimant records by the HMRC last November.

Thomas said the public was rightly concerned by details being passed to other organisations, or information not being stored securely. Later this year, his office will be beginning its new ‘spot check’ policy.

"There are going to be new requirements for Whitehall departments and new guidance for the public sector at large," Thomas said.

"It's not just about data security. We need to ask a whole range of questions, such as why so much information is being collected. Why is it being retained for so long? Why are laptops which hold the information not being encrypted? And why are such laptops being left in the backs of cars?"

EHI Primary Care revealed last week that the NHS has reported more than ten data security breaches to the Information Commissioner in the six months since the loss of 25m child benefit records.

An ASSIST and UKCHIP spokesperson told EHI: “David Nicholson has already stressed that chief executives should take personal responsibility for information and I wouldn’t think that any NHS organisation would think otherwise.

“Information security and governance have struggled to get recognition by the top boards, so this move could only improve things. Chief executives already have responsibility for clinical governance, there is no reason to them to think about information governance in a different light.”

Joe Fernandez

© 2008 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Reader's Comments
Add a comment
Reader's Comments

1

bring back heads on tower bridge..

28 Apr 08 20:47

"Responsibility" is meaningless when there are no consequences to the individual except sideways - or even vertical - promotion. Why should civil servants be expected to take any responsibility when the last politician to do so was Lord Carrington? I'd still like to see a few scalps/heads on public display: like huskies, it might concentrate the minds of the rest of the team ;-<< There is , of course, a problem with specific threats: you might have to follow them through or lose credibility: in the case of huskies, they have to be convinced that they are at risk - and have no means of escape. I'm not sure that it is reasonable to expect every CEO to be personally responsible for every breach of established organisational policies either

Search
News Features Jobs Newsletters
Reader poll
Reader poll
Q
Was NPfIT right to treat NHS IT needs as similar to banks?
System C

Past: 24 hrs|7 days|Month

Top jobs
More
Top jobs

Featured_recruiters
Featured_recruiters
latest forum posts
latest forum posts
About Us | Advertise | Privacy Policy | Terms & Conditions | About RSS | RSS Feed
E-Health Insider is managed and maintained by E-Health-Media.com ©2008 E-Health-Media Limited.