More than half of NHS trusts have missed a government target for making their patient data more secure, HSJ has learned.

Figures released to HSJ by the Department of Health show that just 186 out of 396 acute, mental health, primary care and ambulance trusts met a requirement to “pseudonymise” their patient records by April 2011.

The target was published as part of the DH’s pseudonymisation implementation project, launched in June 2010.

With pseudonymised data, patient identities are encrypted so the information can be used by NHS organisations or other public bodies to monitor trusts’ performance and spot clinical trends.

Where analysis reveals patients face potential health risks, the body that gathered the information is still able to trace the individual concerned, which is not the case where identities are simply removed.
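The distinction drawn above, as an added illustration that is not code from the DH project or from this article: it uses a keyed HMAC as the pseudonymisation step, which is an assumption, since the article says only that identities are "encrypted". The records, field names, drug names and key are all constructed.

```python
import hashlib
import hmac

# Constructed sample data: not real patients or identifiers.
RECORDS = [
    {"patient_id": "P-0001", "name": "A. Example", "trust": "Trust A", "drug": "drug-x"},
    {"patient_id": "P-0002", "name": "B. Example", "trust": "Trust A", "drug": "drug-y"},
    {"patient_id": "P-0001", "name": "A. Example", "trust": "Trust B", "drug": "drug-z"},
]
DIRECT_IDENTIFIERS = {"patient_id", "name"}
DEMO_KEY = b"constructed-demo-key"  # assumption: in practice held only by the gathering body

def pseudonym(patient_id: str, key: bytes) -> str:
    """Same patient and key always give the same token; without the key it cannot be recomputed."""
    return hmac.new(key, patient_id.encode("utf-8"), hashlib.sha256).hexdigest()

def strip_identifiers(record: dict) -> dict:
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}

def release_anonymised(records):
    """Identities simply removed: nothing links a row back to a person."""
    return [strip_identifiers(r) for r in records]

def release_pseudonymised(records, key):
    """Return (rows for secondary use, re-identification table kept by the gathering body)."""
    rows, reid_table = [], {}
    for r in records:
        token = pseudonym(r["patient_id"], key)
        reid_table[token] = r["patient_id"]
        rows.append({"pseudonym": token, **strip_identifiers(r)})
    return rows, reid_table

def flag_combination(rows, drug_a, drug_b):
    """Analyst side: pseudonyms of patients given both drugs, possibly at different trusts."""
    drugs = {}
    for row in rows:
        drugs.setdefault(row["pseudonym"], set()).add(row["drug"])
    return sorted(t for t, d in drugs.items() if {drug_a, drug_b} <= d)

def trace(tokens, reid_table):
    """Gathering body side: map flagged pseudonyms back to patients."""
    return [reid_table[t] for t in tokens]

if __name__ == "__main__":
    rows, table = release_pseudonymised(RECORDS, DEMO_KEY)
    flagged = flag_combination(rows, "drug-x", "drug-z")
    print(flagged, "->", trace(flagged, table))
```

In the output of `release_anonymised`, the two rows for the same patient can no longer be linked to each other or to a person, so the cross-trust combination cannot be detected or followed up.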

The Department of Health had intended to enable “the legal and secure use of patient data for secondary purposes” by April 2011 and for NHS bodies to “no longer use identifiable data” wherever possible in work not related to direct care.

Iain Bourne, general manager in the policy delivery team at the Information Commissioner’s Office, said trusts risked breaching the Data Protection Act if they failed to adopt pseudonymisation.

NHS Confederation senior policy manager Frances Blunden backed the project’s aims but said: “Achieving compliance relies not only on individual trusts having the right processes and approaches embedded in the organisation, but also in changing staff attitudes and practices, many of whom will be senior clinicians. That is no excuse but it does explain some of the pace of progress.”

A DH spokeswoman said the department was making “good progress” in ensuring data could be shared while preserving confidentiality.

She said: “All remaining trusts should have plans to meet the requirement as soon as is practicable.”