The loss of sensitive patient details by five NHS trusts has prompted a security warning from the the Information Commissioner’s Office.
The trusts are:
- Surrey and Sussex: information about 23 patients on a trust ward handover sheet was found on a bus, and two unencrypted laptop computers were stolen.
- The Royal Free Hampstead: an unencrypted compact disk with medical treatment details of 20,000 patients was lost from the hospital’s cardiology department.
- Chelsea and Westminster Hospital: an unencrypted memory stick containing details of 143 patients was stolen from an unlocked office used as a walk-in clinic.
- Epsom and St Helier University Hospital: it stored records insecurely for nearly two years after data was transferred between hospitals.
- Hampshire Partnership: an unencrypted laptop computer holding personal details of 349 patients and 258 staff was lost.
ICO enforcement head Sally-Anne Poole said: “These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security.”
The Royal Free Hampstead NHS Trust said: “When the CD was created there was no NHS requirement for data to be encrypted. Now encryption software is used to protect portable media and files being sent by email.”
No comments yet