NHS misses data-encryption target

Summary: A number of NHS health trusts are expected to be months late in meeting a target to encrypt all data on non-secure machines.

NHS trusts will not have completed encrypting patients' personal data held on their computers until later this year.

A number of health trusts are expected to be months late in meeting a target to encrypt all data on non-secure machines by 31 March, 2008.

Many trusts will be unable to meet the local targets as set by strategic health authorities (SHAs) as they had been told not to begin the work until Connecting for Health (CfH), the body co-ordinating NHS IT, procured an encryption package, which did not take place until 20 March.

The Department of Health (DoH) has confirmed that it would then take "at least six months" for each trust to complete the rollout of encryption.

That means data will not be fully protected until 10 months after NHS chief executive David Nicholson asked trusts to make the securing of personal data a priority.

There is no central monitoring within the NHS to ensure that trusts have carried out encryption; it is left to the strategic health authorities to check on compliance.

A spokesman for the DoH defended the time taken, saying: "The rollout of encryption is a complex matter."

"David Nicholson has sought and received assurances from the heads of all trusts that they are working to ensure encryption takes place in a timely fashion. Each of the SHAs will performance-manage this, but it is paramount that patient care is not disrupted," said the spokesman.

The target of 31 March for encryption to take place was a local deadline set by some SHAs, and CfH said there was no central target set by the DoH. CfH said the DoH had simply sought an assurance that the process was in hand by the end of March.

CfH confirmed that 700,000 licences had been issued for its chosen encryption package, McAfee's SafeBoot.

A CfH spokesperson said: "It is understood that this process can take some time as skilled technicians are required to complete the task.

"SHAs are responsible for ensuring that trusts progress with encryption as swiftly as possible and the DoH has advised SHAs to consider undertaking an independent audit of their trusts' progress," the spokesperson said.


About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.
