NHS data breaches hit 75 in a year

Seventy five breaches of data security rules by the health service have been reported to the information commissioner's office in the past year, new figures reveal.

The NHS and healthcare sector is second only to the whole of the private sector at losing computers, records and data.

The 75 breaches included 27 lost computers and laptops, 14 losses of paper records and 18 of removable media such as memory sticks.

Data was "inappropriately disclosed" on five occasions, there were two postal errors, one email error and one website security breach.

Eighty breaches in the private sector have been reported since November last year, 28 in central government, 26 in local government and 47 in other public sector bodies.

Information Commissioner Richard Thomas said reports had "soared" since the high profile loss of 25m child benefit records in autumn last year.

He said responsibility for data breaches should lay with chief executives, who should ensure appropriate policies and procedures are in place, that privacy is incorporated into their technology and that staff are properly trained.

"It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues," said Mr Thomas.

From:
http://www.hsj.co.uk/nhs_records_75_data_breaches_in_a_year

Private companies get access to millions of NHS medical records

The confidential medical records of millions of NHS patients could be handed over to private companies under controversial plans being drawn up by labour ministers.

Patients' postcodes, medical conditions and treatments - and in some circumstances, their names - could be passed on to third parties without their consent.

The labour Government is considering giving firms access to a massive computer database which will contain the records of almost every man, woman and child in England.

The information is a goldmine for private companies, who could use it for medical research or for helping them to sell products to the NHS.

But privacy campaigners say they are "horrified" by the proposals which could see patients' postcodes, medical conditions and treatments - and in some circumstances, their names - passed on to third parties without their consent.

The database, part of a long-delayed scheme to give NHS staff access to computerised medical records, will hold details of almost all visits by patients to hospitals and GPs.

The plans have been dogged by controversy. Last week. ministers gave in to pressure from privacy campaigners and agreed that medics will have to gain the consent of patients before opening their computer records. Yet patients will have almost no control over the same information being passed on to companies and other bodies outside the NHS.

The Department of Health says most records passed onto third parties would be made anonymous, but admits that identifiable data - which could include patient names - could also be handed on if it was deemed to be more useful.

Security experts said the scheme would "hoover up" vast quantities of confidential data which could easily be traced back to individuals, whether or not names and addresses or other personal details were removed.

Ross Anderson, Professor of Security Engineering at Cambridge University, said: "We have had a lot of debate about patients being able to opt out of the national scheme for patient records, but meanwhile the Government have pulled a fast one. There are no limits set on the way this data can be used; this database will hoover up all the personal medical data on every person, and it can be used for whatever the Secretary of State says it can be used for."

Prof Anderson suggested the creation of one large database would also make it easier for different parts of the state to use confidential health data for other purposes, with social workers, courts and police able to access medical files more easily.

Helen Wilkinson, a former NHS manager who founded The Big Opt-Out, a campaign against the national care records scheme, said she was "horrified" by the latest development and planning a major publicity launch to warn people of the threat it posed to their privacy and security.

She said: "We are talking about a hugely valuable commodity which will be worth a fortune to the pharmaceutical industry, and to all the companies which make their profits from the health service."

Joyce Robins, from patient pressure group Patient Concern, said patients would be left "entirely at the mercy" of those operating the scheme.

"We have no idea where this information will end up, and we have no control over it. Even when the data is anonymised, it will be easy to trace back to individuals because the nature of medical data is that it reveals a lot about a person. We have seen an endless succession of data losses and breaches, and there is little to reassure anyone that this information would be secure."

The Government public consultation on secondary uses of NHS data, which began without publicity on Wednesday, has been outsourced to a private company called Tribal, which holds contracts to organise the planning of NHS services.

Its managing director Matthew Swindells was until recently chief information officer of the DoH, and before that adviser to then health secretary Patricia Hewitt.

A spokesman for Connecting for Health, the government agency which oversees the patients records scheme, said that while "in theory" anonymised data could be used to trace an individual, researchers would be more likely to examine records in batches of hundreds of thousands at a time. He described the matter of whether information should stay within the health service, or ever go outside for research - to academic researchers or pharmaceutical companies - as a "valid question" on which the consultation sought public opinion.

The agency's chief operating officer, Professor Michael Thick, said patients would be able to be removed from the so callled "secondary use" database if they made an application under the Data Protection Act. Under the proposed system, third parties would need to request information from the central database, and fulfil requirements set by data custodians and ethics committees.

From:
Private-companies-could-get-access-to-millions-of-NHS-medical-records.html

Health Direct points out that labour government records have shown themselves to be as watertight as a rusty bucket.

Now labour are openly proposing that your health details will be accessible to many.

Medical records are personal and private to the individuals concerned, having been given in trust to their medical adviser.

The assumption that medical records can be widely disseminated represents a breach of this trust and would be totally unethical.

If you also don't want your medical details to be widely available, sign up at the Big Opt Out at http://www.nhsconfidentiality.org/
now!

Labour U Turn on medical data- NPfIT medical records a step closer

After another labour U turn the national electronic record of patients’ health (NPfIT) looks finally on the cards – five years late – after the NHS IT programme on Thursday changed the way patients will give their consent to the system.

Providing a brief, summary electronic patient record has been a key driver for the £12bn ($22bn) NHS IT programme, which will create a detailed, local electronic record as well as the shorter one available nationally, providing doctors with recent medical history, medications and allergies in an emergency or out of hours.

Tony Bliar, then prime minister, declared as long ago as 1997 that the electronic record would mean that “if you live in Birmingham and have an accident while you are, for example, in Bradford, it should be possible for your records to be instantly available to the doctors treating you”.

Development of electronic records, however, has been devilled by a long and bitter dispute, chiefly with general practitioners, over whether patients should explicitly give consent to having such a record – a more complex, lengthy and costly approach – or whether they should be presumed to give consent with the right to opt out – the approach that the IT programme originally backed.

On Thursday, however, Connecting for Health, which delivers computer systems and support to the NHS, announced a change of tack. Patients will now be written to and given the chance to opt out before a summary record is created.

They will in future be asked at each consultation if the clinician can look at their record and will have the right at that point to opt out entirely, to refuse for that episode of care, or to agree to the record being viewed. They will also be able to agree to the record being permanently available to accredited clinicians.

Dr Gillian Braunold, the lead GP for the programme, said the change “gives the patient control to say yes or no and it is much simpler”. The default position will be “Ask me first”, she said. The decision had been reached after consultation with GP leaders, the Information Commissioner and a wide range of others, she added.

The British Medical Association said it welcomed the changes “pending finer details”, believing patients should opt-in rather than opt-out.

The record has been piloted in five parts of the country, with fewer than 1 per cent of 160,000 patients refusing to have a summary record. Connecting for Health said it hoped to roll the record out nationally, starting in 2009 or early 2010. It is likely to take at least 2-3 years to cover the country.

http://www.ft.com/cms/s/0/ff2823e8-85d0-11dd-a1ac-0000779fd18c.html?nclick_check=1

30,000 NHS records lost as seven laptops stolen

Laptops containing the personal details of more than 30,000 NHS patients have been stolen in two separate thefts- one of which was not encrypted.

More than 20,000 records were held on computers stolen from a south London hospital. In Wolverhampton, a laptop holding details on around 11,000 patients has been stolen.

The missing data includes names, addresses, NHS numbers and, in the Wolverhampton theft, personal medical histories.

In both cases, sensitive data had been stored on laptops in defiance of rules that are meant to protect such records from theft or loss.

The disclosures follow the revelation earlier this week that Hazel Blears, the communities secretary, had stored confidential labour Government files relating to counter-terrorism on a laptop that has since been stolen from her constituency office.

Of the two NHS thefts, the incident in Wolverhampton appeared to be the more serious, since the computer concerned contained detailed medical records and was not protected by any form of encryption.

The laptop concerned was stolen from the car of an unnamed GP, according to Wolverhampton City Primary Care Trust. Some 11,000 patients have now been sent letters apologizing for the incident.

Jon Crockett, chief executive of the trust, said he was "extremely concerned" about the theft.

He said: "Patients and the public have the right to expect that those dealing with confidential information maintain the highest levels of security and we are carrying out a full and urgent investigation into this incident."

Department of Health rules say that any confidential information about patients must be stored in a safe and secure environment. Mobile storage devices including laptops must be fully encrypted.

But the Wolverhampton computer had not been encrypted.

In London, thieves stole six laptops from St Georges Hospital in Tooting. Three contained the first and last names, date of birth, postcode and hospital number of around 21,000 patients.

The theft took place between 6 and 9 June, but St George's Healthcare NHS Trust only recently made the incident public.

In an internal email to its staff, the St Georges trust said he "acknowledges that patient data should not have been stored in laptops." The laptops had been used as temporary storage, it said.

Hospital managers said the patient data was protected by passwords and held in "hidden" files.

David Astley , the St Georges chief executive, apologised and said: "We owe it to our patients to protect their personal information and we have reminded our staff not to store this kind of data on laptops in the future."

He said only staff with the correct password could access the data. "Therefore there is only a very small chance that any patient details have been passed on."

St George's is in Tooting, one of Labour's most marginal seats. Mark Clark, the Conservative candidate in Tooting, said the incident would alarm residents.

He said: "Patient confidentiality has been put at risk by this loss and I am concerned that the hospital make preventing more breaches its number one priority."

From:
NHS-records-lost-as-seven-laptops-stolen.html

Health Direct once again asks whether you are happy trusting the govt to keep all of your medical data secure? Or are you happy to follow the sheep to the slaughterhouse of completely open personal data?

Top officials to be held to account for data losses

Senior Whitehall figures are to be held personally responsible if their department loses or mishandles personal information, under a range of measures designed to increase data security.

Officials across the public sector, including permanent secretaries and chief executives of NHS trusts, are to be forced to take data protection "much more seriously" under proposals due to be laid out by Gus O'Donnell, the Cabinet Secretary.

In the coming weeks Mr O'Donnell is expected to present the findings of a report on data security. The report was commissioned by the Prime Minister in the wake of the loss of 25 million child benefit claimant records by the HMRC in November.

The Information Commissioner, Richard Thomas, who has seen a draft of the report, said that the new measures focused on "issues of accountability and governance", indicating that the heads of departments would be personally responsible in the event of serious data breaches.

"It has to be the likes of chief executives (of NHS trusts) and permanent secretaries who are held accountable when things go wrong," Mr Thomas told a security conference in London. "They can't simply make assumptions that everything is in the hands of the 'techies'".

Details of the tougher penalties for information losses emerged as the Information Commissioner's Office said it had received reports of 94 further data breaches - affecting both the public and private sectors - since the HMRC incident.

Nearly a third of the breaches in the public sector, which ranged from "the minor to the very serious", Mr Thomas said, were in central government, while a fifth affected the NHS. Of the breaches in the private sector, more than 50 per cent were in financial institutions.

The ICO is due to begin using new powers to 'spot check' both public and private sector organisations in the event that a data breach is suspected later this year.

"There are going to be new requirements for Whitehall departments and new guidance for the public sector at large," Mr Thomas said. "It's not just about data security. We need to ask a whole range of questions, such as why so much information is being collected. Why is it being retained for so long? Why are laptops which hold the information not being encrypted? And why are such laptops being left in the backs of cars?"

The BERR report, which was produced in conjunction with Price Waterhouse Coopers, the financial services firm, found that two thirds of British companies did nothing to prevent confidential information leaving the company premises on USB sticks and discs, and that four fifths of companies which had had computers stolen did not encrypt their hard discs.

More than half of companies now also allowed their employees to access the company database remotely, the report found, and 13 per cent had detected "unauthorised outsiders" in their networks. Those companies that did allow remote access to their network were more than twice as likely to experience a security incident.

Andrew Beard, an information security director at Price Waterhouse Coopers and co-author of the report, said: "Senior management is now certainly beginning to take security seriously, but the seriousness of breaches is as high as it's ever been."

From:
http://technology.timesonline.co.uk/tol/news/tech_and_web/article3797278.ece

Health Direct thinks that this new spin is akin to shutting the stable door after the horse has bolted.

Nine NHS trusts admit scandalous security breaches as more personal data is lost

Nine more NHS trusts in England have admitted losing patient records in a fresh case of wholesale data loss by labour government services, Health Direct has learnt.

At least 168,000 patients have been affected by the breaches, which came to light during a data security review by the labour Government.

The Department of Health said that patients had been told of the losses and that there was no evidence that data had fallen into the wrong hands.

Opposition parties condemned the systems of record-keeping that led to the security breaches, after losses of the details of millions of child benefit claimants and drivers in recent weeks.

One of the breaches was thought to be the loss of names and addresses of 160,000 patients by City and Hackney Primary Care Trust, after a disc failed to arrive at a hospital in East London. Another, lost by Gloucester Partnership Foundation Trust, included archive records on patients treated 40 years ago – none of whom is still alive.

The details of the data lost by the other trusts involved – Bolton Royal Hospital, Sutton and Merton PCT, Sefton Merseyside PCT, Mid-Essex Care Trust, and Norfolk and Norwich Trust – have not been disclosed. The East and North Hertfordshire Trust reported a loss but has since found its missing data. Maidstone and Tunbridge Wells NHS Trust has also reported two breaches.

The Department of Health said that the security breaches were being dealt with locally. A spokesman said that investigations were under way and action would be taken against anyone who had failed to fulfil their responsibilities under data protection laws.

The disc containing information on 160,000 patients for the East London hospital had been “encrypted to an extremely high level of security”, he said, adding that another 8,000 patients’ records from the other trusts had been affected but only a small proportion contained clinical data.

Andrew Lansley, the Shadow Health Secretary, said yesterday: “You have to wonder why on earth it took the Revenue & Customs to lose their discs and for the Government to institute an inquiry across government for these losses of data to come to light.

It does feel like there’s a sense in all parts of government that we’re required to provide data and we are constantly told that it will be protected, but in reality that level of protection simply isn’t there.”

Norman Lamb, the Liberal Democrat health spokesman, said: “The whole culture of data management in the public sector has to change.”

Richard Vautrey, of the British Medical Association, said that there was a strong case for patients having their information immediately available when they saw doctors in different medical situations. But he added: “It’s vitally important that any development of centralised systems is done in a careful and measured way.”

Joyce Robins, of the patient support group Patient Care, said that ministers could not gloss over yet another “scandal”. She said: “Health records can have anything from your exdirectory phone number to your HIV status.”

Labour's losing IT streak

Nov 20 News of two CDs with details of 25 million Britons lost in post from a Revenue & Customs office in Tyne & Wear

Nov 23 It emerges that six more CDs with confidential information went missing in the HMRC post

Dec 5 HMRC admits seven serious security breaches in past 2 years

Dec 7 Details of up to 60,000 people lost by Citizens Advice Bureau after a laptop was stolen

Dec 17 Government says records of more than three million British learner drivers lost in the US

Dec 18 HMRC admits losing data of 6,500 private pension holders

From:
http://www.timesonline.co.uk/tol/life_and_style/health/article3090664.ece

Once again Health Direct asks if you are 100% certain that labour will not leak all of your personal medical details?

If the answer is no: 1) make sure that you vote today and do not vote labour and 2) write to your doctor telling him or her not to transfer your data on to the new NPfIT system.

Data watchdog hits out at diabolical NHS trust

The privacy watchdog has attacked a National Health Service trust's "clearly inadequate" records management, in a warning to other public authorities guilty of similar failings.

Richard Thomas, the Information Commissioner, condemned Hounslow Primary Care Trust's "completely unacceptable" handling of a case in which a man asked for information about his father-in-law's stay in a nursing home and death in a hospice.

Les Scarth, who made the information requests to Hounslow trust about the 1998 death of his father-in-law, Tom Wells, said the authority's attitude was "diabolical".

Mr Thomas said the trust failed to respond adequately to information requests, refused to give all relevant documents to Mr Scarth, and missed deadlines for responding to both Mr Scarth and the information commissioner's office.

From:
http://www.ft.com/cms/s/0/07c1169e-fb9e-11dc-8c3e-000077b07658.html

Health Direct asks if you are happy for this shower to have all of your personal medical data on labour's IT systems? If not please consider this when you vote on May 1st and sign up for the NO2ID http://www.no2id.net/

NHS trusts lose patients' records

Gordon Brown was facing further political embarrassment over the labour government's handling of personal data after the Department of Health confirmed that nine National Health Service trusts had admitted losing patient records.

The loss, thought to involve personal information on hundreds of thousands of people, emerged as part of a government-wide review following security breaches in other departments.

The Department of Health said the affected patients had been informed about the loss and there was no evidence the information had fallen into the wrong hands. It added investigations were under way and action would be taken against anyone who had failed to fulfil their responsibilities under data protection laws.

Andrew Lansley, shadow home secretary, said the latest loss underlined the Conservative party's case against the government developing centralised databases. It also raised questions over how the planned electronic patients database in the NHS would protect sensitive medical records.

"For over two years we have argued for data to be held locally, with networking rather than one central database. The government should accept that this would offer us greater protection," Mr Lansley said.

The NHS data loss comes after police admitted they had failed to discover the whereabouts of two computer discs lost last month in the post by Revenue & Customs. The discs contained the names, addresses, dates of birth and bank account details of every child benefit claimant, in the biggest recorded loss of data ever in Europe.

While law enforcement and the banking sector have in recent weeks developed a new coordinated system for checking on suspicious transactions, senior investigators say the failure to find the discs containing data on 25m people risks exposing large swathes of the population to possible fraud and identity theft in the future.

The latest loss also follows the more recent revelation, on Monday last week, that details of 3m learner drivers had been lost after being sent to a private contractor in Iowa in the US.

By yesterday afternoon the details of what data had been mislaid by the trusts had not been disclosed by the Department of Health. But according to a report in the Sunday Mirror, one of the breaches was thought to involve the loss of names and addresses of 160,000 children by City and Hackney Primary Care Trust after a disc containing data failed to arrive at a London hospital.

Patient Care, the patient support group, said ministers should not try to gloss over the latest "scandal" affecting the poor handling of data.

Joyce Robins of Patient Care told the BBC: "It's the tip of the iceberg, actually, because there's such carelessness within the NHS and it's always impossible to hold anyone to account and find out who's actually done anything. It may be only a matter of time before records fall into the wrong hands and we see not only our ex-directory phone numbers posted on the internet but the record of our abortions, HIV and Aids status.''

From:
http://www.ft.com/cms/s/0/1e6bccd8-b1c3-11dc-9777-0000779fd2ac.html

Thousands of patients' data lost by NHS trusts

Hundreds of thousands of confidential patient records are believed to have gone missing in the latest lost data scandal.

Nine NHS trusts have admitted losing confidential patients’ information in the aftermath of the HM Revenue and Customs (HMRC) data loss scandal, it emerged.

Hundreds of thousands of people are thought to have been affected by the breaches of strict data protection rules by the health service.

The losses were disclosed as police continued to hunt for two HMRC computer discs containing the details of 25 million child benefit claimants.

Since the tax discs went missing in the post it has also emerged that three million motorists’ details have been lost in Iowa, in the American mid-west.

One of the NHS trusts involved - Maidstone and Tunbridge Wells - has reported two breaches to the Department of Health (DoH), meaning that ten cases have occurred in total.

The DoH said it did not have details of how many patients were affected in each case as the breaches were being dealt with locally.

City and Hackney Primary Care Trust has reportedly lost the details of 160,000 children after a computer disc failed to arrive at its destination at St Leonard’s Hospital, east London.

The other trusts involved are Bolton Royal Hospital, Sutton and Merton PCT, Sefton Merseyside PCT, Mid-Essex Care Trust, East and North Hertfordshire, Norfolk and Norwich and Gloucester Partnership Foundation Trust.

The NHS chief executive, David Nicholson, recently wrote to NHS managers reminding them of their responsibilities with regard to data handling.

A DoH spokesperson said: “Since the recent heightened concern about data protection a small number of trusts have reported breaches of their own security rules. There are strict guidelines and procedures for dealing with such breaches.

From:
http://timesonline.co.uk/tol/news/uk/health/article3089052.ece

Health Direct observes that it may be a New Year, but many of last year's Labour NHS fiascos continue. Your personal data is at risk.

The Department of Health's fatuous statement does nothing to grow confidence.

NHS patients' records frequently leaks personal data

Patients' confidential medical records are regularly being accessed by people who have no right to them, research by the BBC has revealed. Figures obtained under the Freedom of Information Act reveal that in the last year there have been several data security breaches in the West of England.

Confidential medical records should only ever be seen by doctors and nurses who are working with the patient concerned, with the government spending some £13bn to digitise the medical records of every patient in Britain.

By 2010, the NHS Care Records scheme aims to have an electronic NHS Care Record for all patients.

The record will detail the key treatments and care given to each of the NHS's 50 million patients.

But in the last year there have been incidents in Gloucester and Cheltenham where staff have shared passwords, giving unauthorised people access to confidential records.

At Bath's Royal United Hospital the same type of breach took place while breaches of security also took place in Swindon and Bristol.

The North Bristol NHS Trust has reported catching a member of staff looking at friends' records, although they were just issued with a warning.

The NHS electronic patients' record has an electronic audit trail built into the system that shows who has accessed what record, how and why, and for how long. Any pattern of unusual activity can be flagged-up and appropriate action taken.

Somerset GP Dr Harry Yoxall told of two instances he encountered where records were accessed by inappropriate people.

"On the first occasion an employer of a relatively small computer supplier to the NHS was looking up information about one of his relatives by getting access to a GP medical records system," he said.

"Then an employee of a hospital trust was using his access to their medical system to look up information about one of his relatives."

One campaigner from the pressure group NHS Confidential Opt Out is encouraging people to remove themselves from the database system.

Helen Wilkinson said: "My concerns are that they need to put more stringent safeguards in place and also that they need to consider, perhaps, smaller local databases that actually link up, but with explicit patient consent, so that would put the patient in control."

Richard Caves of the South West Strategic Health Authority said: "I am confident that a trust - where it suspects an individual member of his own staff as having unauthorised access to a record - that trusts will be able to take measures to track that down."

From:
http://news.bbc.co.uk/1/hi/england/bristol/7119075.stm

NHS database will weaken patient security MPs learn was posted by Health Direct on Thu 22 Nov 2007- The man in charge of setting up the NHS medical records database has admitted that "you cannot stop the wicked doing wicked things" with information. Richard Jeavons, director of IT implementation at the Department of Health, said there were instances where staff "abuse their privileges".

These had to be "pursued", he told the Commons home affairs committee. The plan to put 50 million patients' records on the database is part of a £12bn NHS IT overhaul.

The scheme has raised concerns over cost and the security of information.

A poll for the Guardian suggests that 59% of GPs in England are unwilling to upload any record onto the database without the patient's specific consent.

Three quarters of more than 1,000 doctors questioned believed medical details would become less secure when they are put on a database that will eventually be used by the NHS and social services.

Government chief information officer John Suffolk told the MPs that setting up a nationwide database going across Whitehall departments and other government agencies would create more problems.

He said: "When you work at a national scale, to continue to put more eggs in a single basket is a foolhardy approach."

Mr Suffolk added: "The more and more you put it into a large database, with more and more people having access, it becomes more complex...

"If we can avoid setting up large-scale citizens' databases, that would be a wise thing to do."

Health Direct asks if you are still 100% confident that labour will keep all of your medical data secure?

Doctor's MTAS online system may be ditched- cost unknown

Channel 4 interviewed the Secretary of State for Health, Patricia Hewitt over the crisis surrounding the appointment of thousands of junior doctors. The new Medical Training Application Service (MTAS) was heralded by the government as an 'agent of change', designed to establish a fairer, more transparent system for recruiting the next generation of specialist medics. But for months now it's been ridiculed within medical circles for effectively deselecting some of the brightest junior doctors.

And for being so transparent that - at one point - it actually left all the personal details of thousands of medics - including their sexual orientation - sitting on a website for all to see.

A gross security breach exposed by this programme - and now - as the Secretary of State revealed today - subject to a possible police investigation.

In a written ministerial statement she said "Action has been taken by the contractor... to address the weaknesses identified. Because the investigation has made it clear that criminal offences may have been committed the... analysis and report have been given to the police."

Even more embarrassing for the health secretary this morning was the admission that her department's new £6.3 million medical recruitment system was effectively being shelved.

"Given the continuing concerns of junior doctors about MTAS, the sytem will not be used for matching candidates to training posts, but will continue to be used for national monitoring.

A bit of a coup, you'd think, for the group of junior doctors who mobilised 15 months ago specifically with a remit to discredit MTAS. Not so, they said. the damage has already been done. The new recruitment strategy came in for criticism earlier this year when it emerged that there simply weren't enough training posts available.

A leaked document from NHS Employers revealed that the charity VSO had been approached by the government - the problem they said was an excess of applicants for training posts over places, by about 10,000. One junior doctor told channel 4 news he was off to Ireland to finish his training.

By March it became clear that very good candidates like Salima Dhalla - an experienced doctor with two degrees - weren't being short listed for interview.

The BMA declared the system unfair. Thousands protested in London and Glasgow and Patricia Hewitt - who'd already announced a review of MTAS - began saying sorry.

Her final apology followed Channel 4 News's revelation on 25 April of a major breach of security on the MTAS website.

Intimate confidential details of medical students openly available to the public. The next day Channel 4 news exposed another MTAS security breach.

This time over students able to read each other's confidential files. The government suspended the website.

The question is why did it take them over 24 hours to do so on a matter of such sensitivity?

In the face of an increasingly indignant junior doctor lobby, Patricia Hewitt announced that thousands more interviews would be made available for those seeking training posts this August.

But in Scotland chaos ensued - as Channel 4 News revealed how employers were desperately emailing candidates to ask them if they were supposed to be being interviewed.

The programme's revealed how further data problems have stalled a number of candidates applications on the erroneous grounds that they were immigrant workers and last night, on Channel 4 News, consultants finally went public about the pressure this was having on patient care.

Finally, the latest error brought to our attention: An email sent out by Wessex deanery congratulating the candidates on their application. Half an hour later 31 of those contacted were told it had been only a draft email sent in error. They hadn't in fact got the job.

From:
http://www.channel4.com/news/articles/society/health/doctors+online+system+to+be+ditched/511747

Hewitt's pathetic record on IT development was highlighted by Health Direct on 30 Apr 07 in our post- Contender for greatest of all Labour's NHS failures- MTAS Junior Doctor application system- The crisis that is leading highly qualified junior doctors to head abroad is the result of one of the National Health Service's all-time great administrative cock-ups.

It is has left 30,000 junior doctors bitterly disillusioned and angry. But it also has big potential implications for patient care.

Highly-qualified junior hospital doctors are now quitting the National Health Service for jobs in Australia, New Zealand and elsewhere following the fiasco over a new application system for training jobs that has left many without an interview.

Almost 5 per cent had already had overseas offers. This raised the possibility that many would take four- or five-year training posts that would deprive the NHS of their services for at least that long and perhaps their whole careers, the BMA said.

This disaster waiting to happen recieved a warning form Health Direct over a year ago- 6 Mar 06 in Junior Doctors' new IT MMC recruitment system is a disaster - It is an irony that many of the questions junior doctors must answer when they fill in the new form to apply for hospital jobs relate to their leadership skills and ability to work as part of a team.

The form is part of a new applications procedure, called Modernising Medical Careers (MMC), which involves no human interaction whatsoever. Hospitals are banned from holding interviews, having to rely instead upon a computer "dating" system that supposedly matches the applicant to the job.

As 80 eminent doctors have been moved to protest to the Department of Health, the results have been disastrous. Sixty junior doctors recruited in this way have failed to demonstrate a basic level of medical competence, while many others have had to be retrained at huge expense.

No checks have been made, so it seems, on the information that applicants put on the forms. Moreover, in the absence of an interview, there is no way hospitals can be sure whether the applicant is a genuine, qualified medical student or whether they are an impostor who paid someone to fill in their form for them.

And what has Patricia Hewitt and her cohort of expensive paper pushers at the Dept of Health done about these warnings for over a year? F All. Talking of Football, DoH and Ostriches- they are all about as impressive as the Football League at ignoring disasters.

NHS IT upgrade creates false patient records

A software upgrade under the NHS's National Programme for IT (NPfIT) has led to hundreds of ­incorrect duplicate patient records being created every day at NHS sites in Greater Manchester. A team has been formed to prevent patient data being lost. The emergency action raises questions about how well NPfIT systems are being tested before going live.

The affected systems are creating up to 400 duplicate patient records a day. Internal documents show that the duplicates have been created on the assumption that a patient does not already have a record - even if they do.

If these duplicates are left in place, it could lead to clinicians seeing patients without access to important medical history.

To stop this happening, the actual patient record must be merged with the duplicates. But if a backlog of unmerged records builds up, hospital record libraries could send clinicians the wrong patient file based on the duplicate record, which could pose a clinical safety risk.

The internal documents warn that merging records is creating significant extra work. And the merged files may later need to be unscrambled to maintain data integrity on patient administration systems.

Problems arose after Maintenance Release 1 of the IPM patient administration system was rolled out by NPfIT local service provider CSC and its subcontractor iSoft.

The upgrade, over the weekend of 21 and 22 April, led to up to 400 duplicated records being created each day for patients who had hospital appointments made using the Choose and Book NPfIT system.

Computer Weekly has received other internal documents which show that the incident in Greater Manchester is not isolated. There have been about 200 "major incidents" at NHS hospitals in the four months to the end of January 2007.

Dozens are in the highest "severity one" classification and some have affected NHS sites across England. Pacs digital systems and radiology information systems are among those to have suffered failures.

The problems undermine the position taken last month by health minister Lord Hunt that a Public Accounts Committee report on the NPfIT was based on information that was out of date. The latest incidents all occurred in the past seven months.

CSC and Connecting for Health, which runs the NPfIT, said of the problems in Manchester, "Although comprehensive testing is undertaken prior to upgrades, it is not unusual for these kinds of upgrades to identify teething problems in the early stages following implementation."

The Health Committee of the House of Commons began its inquiry into aspects of the NPfIT on 26 April 2007 but its narrow terms of reference exclude looking into the threats to healthcare of troubled NPfIT go-lives.

From:
http://www.computerweekly.com/Articles/2007/05/08/223688/nhs-upgrade-creates-false-patient-records.htm

Labour's NHS IT record is lamentable. Only last week (30 Apr 07) Health Direct posted: Contender for the greatest of all Labour's NHS failures- MTAS Junior Doctor application system
The crisis that is leading highly qualified junior doctors to head abroad is the result of one of the National Health Service's all-time great administrative cock-ups. It is has left 30,000 junior doctors bitterly disillusioned and angry. But it also has big potential implications for patient care.

Health Direct warned over a year ago that the new Junior Doctors' IT recruitment system was doomed to failure. Did any politician or civil servant listen?

March 06, 2006 Junior Doctors' new IT MMC recruitment system is a disaster
It is an irony that many of the questions junior doctors must answer when they fill in the new form to apply for hospital jobs relate to their leadership skills and ability to work as part of a team.

The form is part of a new applications procedure, called Modernising Medical Careers (MMC), which involves no human interaction whatsoever. Hospitals are banned from holding interviews, having to rely instead upon a computer "dating" system that supposedly matches the applicant to the job.

As 80 eminent doctors have been moved to protest to the Department of Health, the results have been disastrous. Sixty junior doctors recruited in this way have failed to demonstrate a basic level of medical competence, while many others have had to be retrained at huge expense.

Coming back to the £12 billion white elephant that is (NPfIT)- do you want your complete medical details to be available to over a million people?

On 21 Dec 06 Health Direct posted: Patients win partial right to block medical records in U turn on CfH IT project when Labour Ministers have bowed to the complete distrust some patients have of the planned National Health Service electronic patient record Connected for Health IT £20 billion system by appearing to agree that we will be able to place a total block on our records being uploaded to the system- rather than just a bar on them being shared.

Precisely how they will be able to do that, however, has yet to be established ahead of pilot projects planned for the spring.

Health Direct warns- don't break out the champagne yet. The report was cleverly spun; hidden in an appendix is confirmation that you can opt out of the Summary Care Record, but not from the Detailed Care Record.

Ministers have, however, recognised that "some patients may ask for their summary care record not to be shared or uploaded at all", and Lord Warner said the government may honour that.

But once the records of millions of people are on one system, to which a court will give access without GPs' knowledge, the police will be sorely tempted. They already collect all sorts of operationally useful data: they have had access to opiate prescriptions for years, and there's been a steady rise in their requests for journey data from London's Oyster card system.

Undermining medical privacy will harm many vulnerable groups, from children to rape victims. Letting civil servants rather than doctors set the trade-offs between medical privacy and other goals will also be a major change.

How that will be achieved, both practically and in IT terms, has still to be considered, ahead of the pilots by an advisory group. Whether the new approach will involve writing to every patient to tell them their records are going to be uploaded, rather than relying on public information techniques, is also not clear.