OK, they say it's secure - they say only staff trained in information governance will access it - but is that a good enough security measure? They say only if a patient is on a practitioner's caseload will that healthcare professional be able to see the data - but that's a loose definition..