Information society : agenda for action in the UK : evidence received after 31 March 1996 / Select Committee on Science and Technology.
- Great Britain. Parliament. House of Lords. Science and Technology Committee.
- Date:
- 1996
Licence: Open Government Licence
Credit: Information society : agenda for action in the UK : evidence received after 31 March 1996 / Select Committee on Science and Technology. Source: Wellcome Collection.
30/324 page 332
![16 April 1996 ] [Continued Lord Flowers 447. You were talking about security, you have mentioned it several times. (Mr Rogers) Yes. 448. I want to ask about cost. The doctors are amsisting that a secure system is essential, that patients want it, so they say, although I do not care who sees my medical records and I suspect that goes for an awful lot of patients but never mind, that is not your problem. You joyfully go about trying to provide them with the security they want, of course you do because it is fun, great fun but there is a cost. I would like to know the order of magnitude of the additional cost of providing security of the kind the doctors want presents you with? The question must come sooner or later for the cost of providing security how much medicine could you provide? I think it is important to get some idea of what this cost is. (Mr Rogers) Yes and I would share that view. Certainly we are determined to protect the confidentiality of health data but we are determined also to balance the risks against costs. You can never be 100 per cent secure, that is a truism. The question therefore is how close to 100 per cent do you endeavour to get. In the NHS wide networking system the provisions which we have put in place which people can use at their choice to protect their databases from access from unauthorised users do come generally with modern networking systems anyway and you would expect them to be there. I will ask Tony in a minute to tell us what it costs for somebody who wishes to protect a sensitive database from direct access. We have an arrangement whereby if they wish to protect it in a manner which forces anybody whois trying to access it to have one of these personal authentication devices which are available. I willask Tony King to tell you how much having one of those might cost. In a sense the big risk is people getting into the databases where the data resides as distinct from intercepting it as you send the message between one computer and another. The much lower risk is that interception and that interception can be protected in a number of ways and there are all sorts of security measures you can put in place but one way is to encrypt the message. We have just commissioned a report on this because we realised there was relatively low risk but the possibility of quite a high cost and administrative and technical complexity. The report has just been published, in fact last week, and its finding is that the cost will be £20 million. 449. Forgive me Mr Rogers, you are illustrating my point very well that it is fun. (Mr Rogers) No, I do not think it is fun. 450. I am quite convinced it is fun from what you have said, what I really want to know is how much it all costs? The cost of providing the security? (Mr Rogers) The encryption is £20 million over three years to put it in, two to three million pounds per year thereafter. What ministers have undertaken to do is to pilot encryption to test out the conclusions of this report. / 451. Do you need larger machines to deal with the encryption software? (Mr Rogers) That may be the case. 452. How much more do they cost? (Mr Rogers) This is included in the £20 million but it does not follow that you need more powerful machines, you may do. That is the purpose of piloting it. It rather depends whether you try and encrypt the whole of large files or whether you just try and encrypt little bits of them. There are a number of issues, namely the speed of the software or the hardware at the interface, which may determine whether you need a bigger machine at the back end. The £20 million over two to three years is the estimate we have for that aspect of protecting security. Chairman 453. Mr King, you are going to tell us what the cost of access 1s? (Mr King) Yes, the individual device costs about £60 so if you multiply that by 10,000 GPs you get some order of magnitude. I suspect the cost will come down quite considerably but it is not a great cost. I think the cost that has to be understood is the on- going administrative cost of keeping track of such devices. What happens if a GP loses the device, do we deny him access to the database simply because he has not got it with him and it may bea mission critical operation at that time. There is always a hidden overhead to providing security systems and the case for whether we use them or not is not for me to decide fortunately. There is an upfront cost of approximately £60 probably reducing to £50 maybe even £40 maybe even free eventually but there will be a significant administration cost both people, resources and perhaps denying access to information in the event that this becomes lost or misplaced. Lord Hollick 454. You talked earlier about the cultural barriers to realising many of the great benefits that you have outlined that technology can deliver. How do you overcome those barriers? We have heard earlier from the BMA how the medical profession is tackling them. I think for many people going into the National Health Service is an administrative nightmare. In the area of administration technology, particularly network technology, is ideally placed to deal with those problems yet little progress seems to have been made. (Mr Rogers) I think I would challenge that little progress has been made. I have lots of invitations to travel around the world and talk about what we are doing in the NHS so I think I would challenge the rosy picture that is sometimes painted of what is happening in other parts of the world. That having been said, compared with other sectors the NHS is not up with the leaders by any means. What do you do about the cultural issues? We do what we can to demonstrate to people the advantages of IT in particular ways but there is nothing like having it for real. My experience is that as soon as you demonstrate you are getting benefits and people are getting benefits from these things then others start to follow. In order to follow you do have to have the infrastructure to do so. It is only recently, since we have been implementing our strategy over the last two years, that the NHS is beginning to have, and virtually now has, that infrastructure to move](https://iiif.wellcomecollection.org/image/b32218631_0030.jp2/full/800%2C/0/default.jpg)
