The  software also allows data that has been authorised for storage to be encrypted, with specific limits set regarding the file size and type. This can be set to prevent large databases being copied.

Last year, the Information Commissioner’s Office published a report titled “Data Handling Procedures in UK Government,” highlighting the need to restrict access to public sector data and personal data stored on removable devices to be encrypted to prevent unlawful access. Accordingly the Scottish government made £1m available to the Scottish Health Boards from its eHealth budget to help compliance with the latest requirements.

Mark Salveta, head of business advisory group, NHS National Services Scotland, which procures IT software on behalf of the 14 Scottish Health Boards and eight Special Health Boards said: “The new policy demanded that all Health Boards acquired products enabling them to encrypt personal data stored on mobile devices such as USB thumb drives and laptops.

“Essentially we needed a solution that would prevent anyone from storing patient data or any other Health Board information, onto a CD, DVD, USB stick or laptop, without having express permission to do so,” said Salveta.“We decided that although the Health Boards were making these improvements themselves, the £1m could be used more effectively if it was allocated from the centre and a large purchase was made all at one time.”

Lumension’s device control software enforces NHS security policies through its “default deny” approach, creating an IT environment in which no data can be transferred from the server to a laptop, CD, DVD or USB storage device, without the express permission of the IT manager.

This allows IT managers to pinpoint exactly which employee has transferred files and reinforces the responsibility of named NHS employees to protect the data that they are transferring. In addition, Lumension’s integration with PGP ensures that authorised data transfers can be encrypted on laptops and other portable storage media.

Importantly, this helps to alleviate the need for an ICT department to "do away" with the existing stock of unencrypted USB keys or mobile hard drives in exchange for hardware encrypted versions. The solution automatically encrypts any data being transferred onto the transfer media, locking it down with 256 bit encryption, making the safe storage and movement of data easier and accessible, as users require.

NHS Services Scotland reviewed products from ten vendors using a strict specification and technical review. Salveta said: “It turned out that there was very little difference between the final three vendors other than the price, which made us choose Lumension. From a value for money point of view the procurement process allowed us to sign a contract worth £3m for just £1m.”

Software has already been rolled out at NHS Lothian and NHS Grampian, and will continue over the coming weeks. The Health Boards will retain the option to choose a different product, but have an obligation to comply regarding the protection of data stored on portable devices.