An NHS trust has done it again – losing 800 confidential patient records on an unencrypted memory stick.
The Surrey and Sussex Healthcare NHS Trust patient records were lost in September 2010. Shockingly, the details were on an unencrypted memory stick and worse, the 800 affected patients were never told. Leaked details include full name, date of birth and operation details.
Although the Trust claims that those responsible faced disciplinary hearings and have now had further training, it gives credence to a point about human error. Whether legislation is there or not to insist on encrypted, secure hardware as standard, it still just takes one chink in the armour for a disaster like this to happen.
Chief exec Michael Wilson span the usual line but did not explain why patients weren’t told. According to The Crawley Observer, he said: “We take the confidentiality of patient information extremely seriously. All staff should always use encrypted memory sticks when transferring patient data. It is regrettable that this didn’t happen on this occasion and the member of staff has been taken through the Trust’s disciplinary procedures and has received further training.”
There were other instances where information was mishandled or lost, but later found. That too was recorded in the annual 2010/2011 report.
Talking to TechEye, Maria Fort, a spokesperson for privacy advocates Big Brother Watch, says the whole fiasco is rather telling of the mindset at the NHS. “This is yet another blatant example of the NHS failing to grasp the importance of data protection,” she begins. ” The security measures and training in place are clearly inadequate, and failing to inform the affected patients of this breach of data protection is irresponsible and unacceptable. “
Fort agrees that the NHS appears blasé about the deeply personal information at stake: “It is deeply concerning that personal information has been treated with such a careless attitude, posing a significant risk to the privacy of patients in their care.
“We at Big Brother Watch are aware that breaches of data protection in the NHS occur far too often. We have and will continue to call for greater emphasis to be placed on training and security to prevent further incidents.”