Yet another government IT project is in the rough. What's going on, asks Mark Mayne.

The Government has come in for another IT security-related battering recently, following the announcement that patients will now be allowed to opt out of the forthcoming NHS database due to privacy concerns.

Patients have won the right to stop their GP from entering their medical records on to the national database, forcing GPs to ask every patient to give their explicit consent. Patients will be given several weeks to review their record and call for corrections or amendments to be made before they consent to the upload, or not. However, critics claim that this entire process will be conducted once the data is held on a local server, thus initiating a catch-22 risk of unspecified electronic access and interference.

Opponents of the scheme are concerned that the digitised medical data would be open to hackers, viruses and unauthorised access, while details on mental illness, pregnancy, HIV status, abortions, drug-taking or alcoholism could be mined by police and insurance firms.

So how does the UK Government manage to get IT security so badly wrong? Obviously the sheer size of the National Programme for IT has something to do with this - it has become a £12 billion project to connect more than 30,000 GPs to nearly 300 hospitals, and is said to be the biggest non-military computer procurement in the world.

Also, the public fears digital attacks as yet unknown and does not trust the authorities, possibly due to a lack of transparency and seemingly endless media reports of technical faux pas.

Ultimately, whatever system the UK uses to store millions of people's medical information will be vulnerable to attack. However, irrespective of the technology deployed and its security, if the general public withhold their details from the system, it will become not only the biggest non-military computer procurement in the world, but the biggest non-military failure.