A number of NHS health trusts have been unable to meet targets for encrypting patients' personal data.
The targets, which were set by NHS chief executive David Nicholson, called for all NHS trusts to have any data on non-secure machines encrypted by the 31 March this year. However, many trusts had been advised not to begin the work until Connecting for Health (CfH), the body co-ordinating NHS IT, acquired an encryption package, which did not take place until 20 March.
The Department of Health (DoH) has warned it will take "at least six months" for each trust to complete the encryption and as there is no central monitoring, it is up to the strategic health authorities to check data has been encrypted.
CfH highlighted that 700,000 licences for McAfee's SafeBoot, the chosen encryption package, had been issued but the process will take some time to progress "as skilled technicians are required to complete the task". It also said that the 31 March was a local deadline set by some strategic health authorities (SHAs) and no overall deadline had been set the DoH.
"The rollout of encryption is a complex matter," said the DoH. "David Nicholson has sought and received assurances from the heads of all trusts that they are working to ensure encryption takes place in a timely fashion. Each of the SHAs will performance-manage this, but it is paramount that patient care is not disrupted."