'No security flaw' on patient care records
I am writing to correct what I believe to be a misleading account of my views given in your article 'Confidentiality of millions at risk as IT chief exposes security flaws' (News, 24 May), concerning the confidentiality of patient data held by the NHS.
As the developer and supplier to BT of the pseudonymisation software that protects the confidentiality of the data, it clearly makes no sense for me to make such claims. I strongly believe my software does protect the confidentiality of patient data for the purpose it was designed. BT has already stated that it believes the patient data is properly protected.
You have quoted BT as previously stating that data 'could' be transferred outside the NHS for research purposes. This is entirely hypothetical, hence the word 'could'. I am not aware of any plans to do this. However, if this further step was considered by the NHS, it is clear to me that they would ensure confidentiality safeguards are changed.
I agreed to meet Pulse to discuss the technical alternatives to your campaign for 'a watertight anonymisation system' because I believe this would prevent the development of new medicines and treatments and cripple the industry's ability to improve the current quality of healthcare. I seem to have failed to get that point across.
I am disappointed that your publication should have used such sensationalist language in the headline and reporting of this subject by suggesting that there is already a risk to confidentiality. I do not believe such a risk exists – and it was I who provided the technical basis for your claims in the first place.
From Robert Navarro, managing director, Sapior
• Jon Moggridge, BT Health:
BT would like to make it clear that the pseudonymisation software we use meets the NHS requirement to protect patient data when it is used for secondary research purposes for the NHS. If – in future – the NHS were to make research data more widely available, we would work closely with them to ensure that patient confidentiality continues to be protected as a fundamental principle.
The security of our systems is of paramount importance to BT and we take very seriously our responsibility to protect patient data in our work for the NHS.
• Editor's note:
Pulse stands by the story as an accurate representation of the conversation and the background context.
While Mr Navarro is correct to point out that discussions relating to sharing of records beyond the NHS are currently hypothetical, BT's written evidence to the health select committee suggested that making aggregated data from electronic patient records available to pharmaceutical companies 'would not only assist R&D but would provide the NHS with a substantial income source'.