The loss of sensitive patient details by five NHS trusts has prompted a security warning from the the Information Commissioner’s Office.
The trusts are:
- Surrey and Sussex: information about 23 patients on a trust ward handover sheet was found on a bus, and two unencrypted laptop computers were stolen.
- The Royal Free Hampstead: an unencrypted compact disk with medical treatment details of 20,000 patients was lost from the hospital’s cardiology department.
- Chelsea and Westminster Hospital: an unencrypted memory stick containing details of 143 patients was stolen from an unlocked office used as a walk-in clinic.
- Epsom and St Helier University Hospital: it stored records insecurely for nearly two years after data was transferred between hospitals.
- Hampshire Partnership: an unencrypted laptop computer holding personal details of 349 patients and 258 staff was lost.
ICO enforcement head Sally-Anne Poole said: “These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security.”
The Royal Free Hampstead NHS Trust said: “When the CD was created there was no NHS requirement for data to be encrypted. Now encryption software is used to protect portable media and files being sent by email.”