The loss of sensitive patient details by five NHS trusts has prompted a security warning from the the Information Commissioner’s Office.

The trusts are:

  • Surrey and Sussex: information about 23 patients on a trust ward handover sheet was found on a bus, and two unencrypted laptop computers were stolen.
  • The Royal Free Hampstead: an unencrypted compact disk with medical treatment details of 20,000 patients was lost from the hospital’s cardiology department.
  • Chelsea and Westminster Hospital: an unencrypted memory stick containing details of 143 patients was stolen from an unlocked office used as a walk-in clinic.
  • Epsom and St Helier University Hospital: it stored records insecurely for nearly two years after data was transferred between hospitals.
  • Hampshire Partnership: an unencrypted laptop computer holding personal details of 349 patients and 258 staff was lost.

ICO enforcement head Sally-Anne Poole said: “These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security.”

The Royal Free Hampstead NHS Trust said: “When the CD was created there was no NHS requirement for data to be encrypted. Now encryption software is used to protect portable media and files being sent by email.”