Greater public reassurance about new NHS database may save lives

Just a few hours have passed since the government announced it has backed plans to store medical records electronically - with patients being able to prevent access if they so wish - and security experts are already expressing serious concerns about wider NHS database proposals.

The NHS database of patients' medical records, dubbed The Spine, which will hold the details of around 50 million people, will never be truly secure, unless the government elevates IT security to the top of the agenda, according to spyware specialist Webroot.

It says that more than 1,300 patients wrote to the Department of Health demanding that their details be omitted from the database.

The main reasoning behind such a volume of letters appears to be concerns that sensitive information regarding issues such as mental illness, abortions, pregnancy, HIV status, drug-taking or alcoholism could become easy fodder for hackers and spyware writers.

While patients will be able to amend their records and withhold data should they choose, Webroot is worried that this may have serious implications on individual safety.

The company concurs with some medical professionals who are worried that patients are placing themselves at grave risk by omitting to disclose their medical history, for example, by failing to note information that may ultimately help them in a life or death situation.

"The question seems to be 'how' the public will be given the choice to remain unlisted and not 'how' to relieve the public of these major security fears," said Daniel Mothersdale, marketing director of Europe, the Middle East and Africa (EMEA) at Webroot.

"Personally, I would like to hear one or two more important messages from this project's dedicated taskforce, to encourage patients to provide their details, knowing that they do so within a safe and secure environment. All too often, we have seen cases of databases that have been subject to spyware, concluding in the theft of thousands of identities or credit card details, for example."

People might be more inclined to provide potentially life-saving data if they had greater reassurance of how secure the new system will be, according to Mothersdale.

"We urge the government to respond to the public outcry by putting IT security at the forefront of their database design and management," he said.

"Hackers are hugely financially motivated and will use advanced methods of technology to infiltrate databases. If the British public knew that there was dedication and commitment to consistent consultation on the management and accessibility of the data, plus an understanding of spyware and other malicious code, before, during and after the implementation of this database, then perhaps the acceptance of this project may ebb in their favour.

"I'm not suggesting that the government disclose their security plans, but give some comfort to the British public that they are investing time and money to do everything they should to manage access and stay ahead of the hackers."