NHS trusts face independent data-handling audits

NHS trusts are being urged to introduce independent auditors to make sure they are keeping to guidelines for their handling of patient data.

Such a development would mark a shift away from current arrangements that see trusts responsible for carrying out their own 'information governance assurance' self-assessments.

The potential change was revealed by Marlene Winfield, national patient lead for NHS IT body Connecting for Health.

Winfield said the Department of Health had issued guidance to the local strategic health authorities urging them to consider bringing in independent auditors to examine health trusts.

Speaking at a Westminster eForum meeting on information security, Winfield said: "Every trust must carry out an information governance assurance self-assessment."

"The department has asked the strategic health authorities to consider moving to an independent audit from the self-assessments," said Winfield.

She added that trusts must report any information-assurance issues to their respective board and that any substantial breaches must be published.

Winfield acknowledged it would take time to encrypt all personal data on NHS computers but said trusts were taking intermediate steps to protect data.

She said: "We realise there is going to be a delay before everything is encrypted but we are relying on alternative measures and many more safeguards."

Winfield added that health trusts have suspended unencrypted bulk data transfers and brought in new training and disciplinary procedures for staff as part of a series of measures.