UK: ICO given new powers to audit NHS
From the Information Commissioner’s Office:
“Data breaches by the NHS are a major cause for concern – this will give us a chance to act before a breach happens”
The Information Commissioner has welcomed a change in the law that will give his office the right to force NHS authorities to be audited for compliance with the Data Protection Act.
From 1 February, the ICO will be able to subject public healthcare organisations to a compulsory audit. These compulsory audits have previously only applied to central government departments.
The audits review how the NHS handles patients’ personal information, and can review areas including security of data, records management, staff training and data sharing.
Read the full press release here.
I’m delighted to see this, especially since I spent some time yesterday trying to locate a contact email for the NHS to alert them that a hacker had dumped a list of vulnerabilities in NHS sites that hackers could exploit. Failing to find any central contact for reporting infosecurity concerns or breaches, I tweeted an inquiry as to how to reach them and finally decided to email the ICO’s press contact to ask them if the ICO could get in touch with the NHS to point them to the paste and list of vulnerabilities. I haven’t heard back from them yet, but I hope someone lets the NHS know so they can address the vulnerabilities before others exploit them.
Feb. 9: See the update here.