It is human failure. However the technology is what enables the humans to fail to quite such an extent. For instance, leaving your briefcase on the train is nothing new and has happened for decades. It's only the technology that enables that briefcase to contain thousands and thousands and thousands and thousands and thousands of records where before it could have held about fifty. Humans are fallible. As such, no fallible human should be in a position where they CAN 'just lose' that amount of sensitive data. I don't want online health records. Not nationwide anyway. I could just about deal with, for instance, my GP surgery sharing a precis of vital and current details (medications, ongoing conditions, allergies and so on) with the nearest hospital on the basis that it's the A&E I'm likely to turn up at if I have a mishap. But a nationwide system - it'll be held together with duct tape and creaking at the sides. Think about the numbers. 61 million patient records. 1.3 million NHS employees all of whom need different degrees of access to different levels of those records (eg a secretary needs to see your address, your cardiac specialist needs to see your test results, your GP needs to see your entire medical history). Who knows how many "special cases", royalty, the Cabinet and so on, who either won't be on it or will require another layer or two of security. Furthermore, compared to paper records, the risk/reward ratio shoots up. Paper records at your GP surgery, yeah, someone could break in, try and jimmy the filing cabinets before the police arrive, and abscond with an armful of files. You need a determined burglar to try that and he gets one shot at grabbing maybe a dozen files. Whereas online... any number of hackers will be swarming all over it from day one, some for profit and others just for fun. And as soon as one gets in - from a masked address, so no police swooping in for quite some time - they'll be able to copy and redistribute whatever they like, wherever they like. All the bonuses of online records, easy search, fast access, any one from any where, suddenly these all become security hazards. How do you test a thing like that? Answer: you can't. You can only wallop it out there, hope for the best, and pray that you can afford a massive team of top-end specialists to try and fix the vulnerabilities as the hackers, not to mention the 1.3 million brand-new ooh-this-is-a-new-system I'm-not-sure-how-to-do-this-bit users, find or create them. Microsoft has that kind of money and resource. The NHS doesn't.