PERFORMANCE: The security of hundreds of patients’ confidential details was compromised when a memory stick containing the data went missing, a healthcare trust has admitted.
Surrey and Sussex Healthcare Trust reported the breach to the Information Commissioner’s Office shortly after the unencrypted memory stick was lost late last year.
An ICO spokeswoman said: “After investigating the breach, the ICO warned the organisation that their policy covering the storage and use of personal data must be followed by staff and the trust must make sure their staff are appropriately trained on how to follow it.
“The trust was also warned that any repetition of such an incident may result in formal regulatory action.”
It follows yesterday’s report that Dartford and Gravesham Trust had accidentally destroyed 10,000 archived records and failed to realise its mistake until three months later.
The records, which should have been kept in a dedicated storage area, were put in a disposal room due to a lack of space and then destroyed by mistake between 28 and 31 December last year, the ICO said.
Michael Wilson, chief executive of Surrey and Sussex Healthcare Trust, said the member of staff involved has been disciplined and received further training.
He added: “I would like to reassure patients that we take the confidentiality of patient information extremely seriously.
“The memory stick in question was lost last September, before I joined the trust, when the trust’s policy was that all staff should always use encrypted memory sticks when transferring patient data.
“It is regrettable that this didn’t happen on this occasion and since then we have put in place new measures that mean that now only encrypted memory sticks can be used with trust computers.
“We have not been informed that the data on the stick has been passed to or found by any third parties.”
Source
Press Association
Source date
October 2011
No comments yet