Many NHS trusts not secure enough to access the Spine

NHS trusts could be fined up to £500,000

Some 10 per cent of NHS trusts register "amber" for their handling of data security and consequently will be prevented from accessing NHS IT services including the N3 network and the Spine, according to a report from technology and infrastructure arm Hytec.

To have registered as amber, companies will have scored between 40 and 69 per cent on their Information Governance Statement of Compliance (IG SoC) approved assessment.

Companies must have completed their IG SoC assessment before being able to access a series of core NHS IT services.

The NHS has been responsible for more than 300 incidents of data security breaches reported to the Information Commissioner's Office (ICO) since 2007, which represents almost a third of all incidents. In April the Digital Economy Act gave the ICO the power to fine organisations up to £500,000 for failure to adequately protect their data.

“To still have some trusts on amber is concerning as it means that they do not have all of the processes in place to secure patient data," said Alan Hunt, director of information security at Hytec.