PERFORMANCE: University Hospital of South Manchester FT breached the Data Protection Act by losing sensitive personal information relating to the treatment of 87 patients, the Information Commissioner’s Office has said.

The information was lost after a medical student – who had been on a placement at the hospital’s burns and plastics department – copied data onto a personal, unencrypted memory stick for research purposes. The memory stick was then lost by the student during a subsequent placement in December last year.

An ICO investigation found the hospital had assumed the student had received data protection training at medical school and, therefore, did not provide them with the induction training given to their own staff.

The hospital has now agreed to take significant steps to ensure that the personal information accessed by students working at the hospital is kept secure. This includes making sure all students are aware of data protection policies.

Sally Anne Poole, ICO acting head of enforcement said: “Medics handle some of the most sensitive personal information possible and it is vital that they understand the need to keep it secure at all times, especially when they are completing placements at several health organisations.

“NHS bodies have a duty to make sure their staff – both permanent and temporary – understand their responsibilities on day one in the job,” she added.