NHS trust guards against further data loss

NHS Lothian implements access controls

NHS Lothian is ramping up the patient information security following a recent data loss incident.

The Scottish Trust is implementing access management security from Lumension Security to restrict network access to approved devices. This is being complemented with end-point control technology from Becrypt.

“Recent well-publicised incidents have highlighted the need to ensure that ICT systems are robust and offer the proper levels of security and that regular staff training is conducted to ensure the proper management of patient records is adhered to,” said Martin Egan, NHS Lothian eHealth director.

Earlier this year, an employee at NHS Lothian lost a USB memory stick containing sensitive information, potentially including sensitive data on 137 patients.

The Becrypt product is an end-point control solution that stops prevents the unauthorised copying of data on to plug-in devices.

The Lumension solution works similarly and will also encrypt all approved devices, including USB drives, CDs and DVDs.

It will also provide the Lothian eHealth Department with an in-depth list of all the devices that have attempted to connect to the network, including those by unauthorised users.

The trust’s long-term ICT partner, Northgate Information Solutions, conducted the review of security protocols and helped the trust implement the security solutions.

The system had to give the IT team "complete control over what users can access and what information can be transferred to portable storage devices while providing the necessary flexibility to ensure end user satisfaction,” noted Egan.