Give the guys a break
Ok.. the have been breaches of security on the servers holding the information. As a server administrator myself, I can honestly say I have been aware of many breaches of security on my servers, they've done nothing serious, but if someone asked me if there had been a breach of security, then I'd have to report it.
Before the NHS CfH scheme was implemented, one of the reasons we weren't so "well informed" of such breaches of security was that there we weren't aware if there were breaches. If someone gets access to a filing cabinet, with records they are authorised to read, and records they're not.. then in the "real world paper system" that would never be recorded as a breach of security - yet in the IT world it is.
With the implementation of these new systems, CfH are effectively shooting themselves in the foot as regards the security breaches - they've made the security systems tighter (which I think we all want) and as a results, they are able to report on the security breaches far more comprehensively.
I think it's very amusing watching people call for people to be sacked over this - where would that leave us? If you watched just the first ten minutes of the Health Select Committee meeting yesterday, you would realise that whilst there have been major errors in implementation - the system is getting there. If it wasn't for silly politicians arguing about how the e-care records are stored, and they let the people with the expertise get on with it, then I'm sure the system would be implemented faster.
For example, in the meeting yesterday, the chair of the committee couldn't get his head round why CfH were implementing two tiers of e-care record (one local and one national). The simple reason was bandwidth - if national patient records were all constantly downloaded from a central server (including all past x-rays, CT scans .etc) then it would use huge amounts of bandwidth.
Now, I really think we should take a good look at the situation. It's the politicians and the media that are screwing up the system. Sure mistakes have been made - but it's the biggest non-military IT system implementation yet - so can we please allow the people a bit of leeway when they get things wrong. You'd think that fellow IT professionals would understand this really... I mean, how often do you see the specs changing once you implement a system? How often does the guy in charge change the spec half way through. Plus, there have to be end user considerations.
Pre-2002, the NHS spent £1 billion a year on IT - yet could not send a single electronic communication between sites. Hundreds of thousands of letters were being sent to the wrong address due to outdated patient records, and this meant missed appointments, and sometime missed operations. If the IT system isn't given the chance to value-add by creating increased efficiency... then the NHS will go to pot sooner than you can say SCO.