NHS trusts spend £1 million to prepare for GDPR

Healthcare bodies invest in software tools and staff training, FoI reveals

The NHS is underprepared for GDPR despite the data protection law coming into force in just six weeks, according to new research.

Trusts have spent more than 1 million collectively on updating systems for the legislation, which aims to hand EU residents more control over what companies do with their personal data, and introduces tougher fines for firms who misuse that data.

Think tank Parliament Street asked NHS trusts across the UK to share their current expenditure and their projected expenditure for the next year on preparing for GDPR, and specifics about how the money is being used, collating the information in a report titled 'Getting the NHS ready for the GDPR'. 

The Freedom of Information requests revealed a total of 1,076,549 had been spent across the 46 trusts that responded, of 84 approached, including expenditure on consultancy, secure email systems, software, staffing and training.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Citing Digital Health Alliance research that shows only 55% of acute trusts and 47% of mental health trusts have an implementation plan for the legislation, the report said: "This suggested that around half of trusts are properly equipped with a plan to tackle this complex legislation.

"A key issue for the NHS is how they manage and secure sharing of confidential patient records and data, which is extremely sensitive and personal to individuals."

The think tank argued that GDPR implementation would add further strain to NHS resources already struggling with rising costs for social care.

Luton and Dunstable Hospital Foundation Trust spent the most on its preparation - 111,200 - targeting resources at staff support and training, while Lincolnshire Partnership NHS Foundation Trust, the only other trust to spend more than 100,000, allocated funds toward staffing and training - including 1,755 on specialist training.

The lowest-spending trusts, committing less than 1,000 each on GDPR preparation, included East Kent Hospitals University NHS Foundation Trust, Rotherham Doncaster and South Humber NHS Foundation Trust, Cheshire & Wirral Partnership NHS Foundation Trust, Alder Hey Children's NHS Foundation Trust, Goodmayes and Royal Derby Hospitals.

The low-spending NHS trusts IT Pro spoke with were keen to point out expenditure was not correlative with or reflective of their level of preparedness.

Advertisement - Article continues below

A spokesperson for the Department of Health and Social Care said it has worked with partners to develop "a comprehensive suite of guidance products" to support the implementation of the General Data Protection Regulation in May.

They added: "GDPR will replace the current Data Protection Act and will set a more robust framework for how we collect, store and share data across the health and care system in future. In addition to the guidance produced by the NHSE-led GDPR working group, there is considerable information and guidance available, particularly from the Information Commissioner's Office."

As part of its research, the think tank also discovered additional detail on how trusts were spending their resources. For example, the Christie NHS Foundation Trust spent 54,000 on an Information Security Management System and consultancy resources, while the Queen Elizabeth Hospital King's Lynn NHS Foundation Trust spent almost 11,000 on a data flow and mapping licence, software training and configuration consultancy. 

Among its recommendations, Parliament Street proposed the NHS establishes a national programme for managing and funding GDPR - bringing together lawyers, CIOs and CEOs to ensure consistency between trusts - as well as lobby the Treasury for extra support.

Advertisement
Advertisement - Article continues below

In addition, the government should provide dedicated legal advice in the form of solicitors and specialist counsel to enable all trusts to gain free consultancy on implementation, the report said.

The East Kent, Rotherham Doncaster and South Humber, Cheshire & Wirral, Alder Hey trusts, as well as the NHS itself, were approached for comment.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020