UK NEWS

HOW THE NHS IS LOSING PRIVATE DATA EVERY DAY

SECURITY BREACH: The NHS is losing patient records daily

Tuesday May 26,2009

By Laura Clout

THE NHS is losing the sensitive medical records of tens of thousands of patients – with a serious data blunder occurring almost every day.

In the first four months of this year alone the NHS reported 140 security breaches, leaving patients vulnerable to identity fraudsters and criminals.

In 14 cases over the last six months the Information Commissioner has been forced to take action against NHS bosses for breaching data regulations.

The errors have raised further questions over the Government’s proposed £12.4billion centralised medical records system.

The National Programme for IT, which has already been beset by delays and controversy, would hold the records of every man, woman and child in the country.

Commissioner Richard Thomas is so concerned about the breaches, that he has ordered an urgent review of data security in the health service.

He has written to the Department of Health calling for immediate improvements and plans to send in a “crack team” of inspectors to examine how data is protected.

One GP downloaded a complete patient database, including the medical histories of 10,000 people, on to an unsecured laptop.

The laptop was then said to have been stolen from his home and never retrieved.

In another breach, a memory stick containing the medical histories of 6,360 inmates and ex-inmates of Preston prison was lost.

Though the data was encrypted, the password was written on a note taped to the device.

And Camden Primary Care Trust found itself having to explain how computers containing the data of 2,500 people, their addresses and medical diagnoses, were left beside a skip in the grounds of the hospital. The computers, later vanished and have not been recovered.

Mick Gorrill, Assistant Information Commissioner, warned of a “complete disconnect” between procedures laid down by managers and practice “on the ground”.

He said: “In these latest cases staff members have accessed patient records without authorisation and on occasions, have failed to adhere to policies to protect such information in transit. There is little point in encrypting a portable media device and then attaching the password to it.”

A spokesman for the anti ID cards pressure group NO2ID, said: “Until there is a root-and-branch change of culture within the public and private sectors, institutions and companies will continue to play Russian roulette with our lives by carelessly mishandling information.”