Are guidelines enough for IT security within the NHS?

There can be no denying that it has been a rough old 18 months for the NHS as far as IT security is concerned, given the well documented catalogue of data breaches that have been reported as part of the Department of Health’s recent review of NHS security. According to the GP website, Pulse, problems have included 58 incidents in which patient records were lost on memory sticks, in the post, on stolen laptops and even just thrown away in the rubbish. A DH spokesperson said in response that guidance had been issued to all branches of the NHS concerning the need for information governance. They also stated that good security is essential, which is why “we place so much emphasis in our guidance,” when it comes to the way that information is held and shared within the NHS. Yet some security experts, both within and outside the NHS, are starting to question whether it is enough to rely on NHS Connecting for Health (NHS CFH) guidelines and assorted best practice documents. Some are suggesting that more is needed, and that it may be time for security standards to be implemented across the health service.