Securing NHS Data

NHS Connecting for Health

As part of the the Department of Health Informatics Directorate, NHS Connecting for Health was responsible for maintaining and developing the NHS national IT infrastructure.


The Challenge

The National Health Service (NHS) project, National Programme for IT (NPfIT), is the world’s largest civilian IT project. ASE worked for the NPfIT on behalf of the NHS since the programme’s inception. A fundamental concept within the programme is that of the “Shared Care Record”.

The security measures designed and placed around the share patient data are designed to ensure that both the integrity of the service and the confidentiality of patient information.

Our approach

ASE performed a leading role in the design and implementation of security and confidentiality technologies across the NPfIT. ASE set up the initial design authority for the programme and ASE consultants were embedded as architecture and security consultants in all of the major constituent programmes of work. ASE also provided senior staff for then central information governance and security function.


User Registration and Authentication

The basis for any security model is the knowledge of who the User is, the privileges that they are entitled to, and the manner in which they need to interact with the system being secured. Technologies, process and procedures aligned with eGovernment Interoperability Standards for Registration and Authentication have been developed and deployed by ASE. This is the first NHS-wide framework for the robust identification of staff and is based around two-factor authentication using a Public Key Infrastructure. When all users are registered, this will cover some 1.4 million users and will be the world’s second largest PKI deployment.

Role Based Access Control

Government policy, and other aligned programmes within the NHS, have fed the requirements process for providing a standardised approach to access control across the NHS. This must be manageable for very large user bases, yet also maintain flexibility that allows for the tailoring of access policies for individual users. ASE achieved this using Role Based Access Control and our consultants were instrumental in the deployment, implementation and business change required for this approach.

Infrastructure, System and Application Security

With enterprise services of the scale being implemented within the NPfIT it is imperative that a high level of security is built into all layers of all services. ASE consultants performed key roles in the design and verification of all infrastructures, systems and applications that have been deployed as part of the NPfIT. This has included the construction and assessment of penetration testing, the specification of perimeter measures and countermeasures, and the assurance of deployments.

Anonymisation and Pseudonymisation

Health data can be used for purposes other than the direct care of patients (e.g. epidemiology). The Secondary Uses Service is key to this, and ASE consultants have been at the heart of the development of this service. The information held within the Secondary Uses Service is of immense value to research and care, and is also used to support the Payment by Results strategy of the NHS. Therefore, this is a highly sensitive data asset. The ground up approach of the Secondary Uses Service is one where all data output is routinely anonymised or pseudonymised leading to an assured level of privacy for the data subject. ASE has been key to both the design and development of this service and also implementation assurance.

Contract Schedules and Legislation

Underlying all the technical provisions for IT Security within the NPfIT are a series of large, complex contract schedules. ASE consultants have been core to the development of the Security and Information Governance schedules, and have established themselves as authorities to both the NHS and also to Contractor Organisations with regard to both the contractual schedules and also pertinent legislation. Indeed, ASE consultants have been the driving force behind recent legislative amendments to enforce stronger security measures in healthcare systems.

Information Security Management Forum

ASE consultants were responsible for the instantiation of the Information Security Management Forum for the NPfIT. This has led to a harmonisation of approach to Information Security across suppliers to the Programme, and ISO17799 / BS7799 compliance by eight different contractors. ASE consultants’ extensive experience in the provisioning of Public Key Infrastructure services has meant that the NHS is well set to obtain tScheme approval.