The government may be promising an NHS information “revolution” but events suggest Kent and Surrey is not quite ready to storm the Bastille.
Two NHS trusts and a primary care trust in the South East Coast region have been singled out for laxness when it comes to information security in the space of less than a month.
In mid-September it was revealed that NHS Eastern and Coastal Kent had sent a CD containing the personal details of 1.6 million patients to a landfill site. A filing cabinet containing the CD was accidentally disposed of during an office move in March.
The report added that the PCT “did take steps to attempt to retrieve the filing cabinet”, suggesting a trip to the tip took place. The cabinet, however, was “unable to be recovered”.
Last week it was revealed that Dartford and Gravesham Trust had accidentally destroyed 10,000 archived staff and patient records in December, after putting them in a disposal room because of lack of space in dedicated storage areas.
But the case that really hit the headlines involved Surrey and Sussex Healthcare Trust, even though it actually involved the loss of fewer records than the examples above.
Board papers revealed that an unencrypted memory stick containing data on 800 patients went missing in September 2010. Trust chief executive Michael Wilson said he had “not been informed that the data on the stick has been passed to or found by any third parties”.
Perhaps the information commissioner, whose head office is in Cheshire, should consider opening a branch south of the Thames.