The move is among a raft of measures announced as the government rushed out proposals following the WannaCry cyber-attack on the NHS last month – and a series of previously shelved reports on the issue.
This will see Windows XP and other unsupported systems being phased out and all NHS organisations required to adopt national data security standards as part of the NHS Contract.
The reports also dealt with the issues surrounding the aborted Care.data project and the use of “big data” for research.
There will be “severe” penalties for attempting to identify individuals from anonymised data while the public will be given new rights to have access to and control over their data, the government promised. This will include the ability to track the use of personal data for research – a function to be introduced by March 2020.
But GP leaders said they were not sure the proposals provided enough protection for their patients – who may lose the right to opt out in advance from big data research.
Meanwhile the National Data Guardian, currently Dame Fiona Caldicott, will become a statutory post.
Health Minister Lord O’Shaughnessy said: “The NHS has a long history of safeguarding confidential data, but with the growing threat of cyber-attacks including the WannaCry ransomware attack in May, this government has acted to protect information across the NHS.
“Only by leading cultural change and backing organisations to drive up security standards across the health and social care system can we build the resilience the NHS needs in the face of a global threat.”
Dr John Chisholm, chair of the British Medical Association’s ethics committee, welcomed the moves – but warned that they would mean removing the right of GP patients to prevent their details being sent to NHS Digital.
He said: “Doctors have serious concerns about the removal of patients’ right to opt out of having their details sent from their GP surgery to NHS Digital, without first putting in place the necessary protections and guarantees about how this information will be used.”
He added: “The current arrangement between NHS Digital and the Home Office, in which the Home Office can request confidential patient information for immigration purposes, is undermining patient trust in how their confidential information is used.”
Royal College of GPs chair Professor Helen Stokes-Lampard said the cyber-attack had been a “wake-up call”.
She said: “What is essential is that the NHS is beyond reproach when it comes to the use of patient data for any purpose, that patients have trust in the way their data is being used, and that they are confident it will be kept secure.
“We still need to do more to get the message across to patients about the great potential benefits of data-sharing, and reassure them that their data really will be secure, and used responsibly for the benefit of everyone’s health.”