Data Security Standards for EMG and EEG Recording Machines in transit

There is a risk to data confidentiality when recording machines are exchanged between hospital departments and manufacturers. This has been known about in the corporate IT world for years, but it is perhaps not so familiar in our world. I hope to use this forum to develop a common approach to this problem between clinicians and our equipment manufacturers.With the focus on service quality coming soon to the NHS this is an area for which we need agreed standards.

Problems still arise with many types of data according to a recent survey which was also reported in the national press.

As many of us have found, the NHS is implementing rules for obvioiusly movable data on laptops, USB sticks and CDs, but these rules are poorly and variably implemented in many trusts. I am not aware of specific NHS rules for the sort of apparatus we use as main recording stations or for file servers.

In the  attached document I propose a first version of some standards for consideration.

Adrian Fowle