http://www.computerweekly.com/blogs/ton ... s-don.html
Quote:
The overall senior responsible owner of the NHS's National Programme for IT [NPfIT] has said the Department of Health does not wish to be told of day-to-day breaches of security.
David Nicholson, Chief Executive of the NHS, was being questioned by Labour MP Don Touhig about the IT programme and the security of its databases of medical records.
At the same hearing of the Public Accounts Committee, Nicholson said that NPfIT's systems were "more secure than internet banking".
But Touhig, a former Labour Defence minister, said this assertion by Nicholson was "recklessly courageous".
Touhig is concerned that NHS organisations are not compelled to notify Connecting for Health - which runs much of the NPfIT - of all security breaches.
At the committee's hearing into the NPfIT, Touhig asked Nicholson how Whitehall officials know when confidentiality has been compromised if NHS organisations do not tell Connecting for Health, which runs much of the NPfIT? Touhig added that Whitehall should be told of security incidents in trusts. "How on earth do you know whether your processes are working otherwise?"
Nicholson said: "In terms of the NHS as a whole what we are saying is that they [NHS trusts] should identify them [security breaches] in their annual reports and publish them -"
Touhig interjected: "A bit late then."