Pulling plug on NPfIT raises data issues

Further to the news last week that the government has finally pulled the plug on the NHS National Programme for IT (NPfIT), concerns are mounting about what is going to happen to the vast volumes of data that have been created (Opinion: NPfIT - a chronicle of a death foretold).

The very nature of the NHS IT programme was to create a fully integrated electronic patient records system, meaning that this data is likely to contain large amounts of personal information.
The NHS does not have a good record of data retention and so it will be important that the clean-up of this programme is done properly. Shutting down any project requires a wind-down period, and this project will require more than most.

It is essential that the personal clinical data that was stored is properly wiped from the systems that are being decommissioned, and we should question how this is being done and what checks are in place to make sure that it is done properly and securely.

Graeme Stewart, Sophos