A patient data-security scare at Nottingham University Hospitals
Trust has been caused by the theft of a USB memory stick from a
junior doctor there.
It is common practice at the hospital to allow doctors to carry
patient data around with them on USB sticks, and the theft has
come to light after a doctor at the hospital wrote to the
British Medical Journal about it.
He said, "Current working hours for junior staff mean that
effective patient handovers are critical.
Handwritten sheets have been superseded by electronic storage of
patient data available to the clinical team.
"USB sticks have greater security risks than other media due to
their size, storage capacity, and convenience. Trust policy states
that confidential data should be stored on 128-bit encrypted USB
sticks with 'if found' labels on them, and be used solely on the
trust's computers."
He said, "Recently, confidential patient data held on an
unprotected USB stick were stolen. The trust had to inform the
patient and face liability for distress or damage caused, along
with public condemnation."
Calum Macleod, European director for data protection firm
Cyber-Ark, said, "Enforcing
a policy of encrypting patient data stored on USB sticks is almost
impossible, so it is hardly surprising that there should be a
security scare over the theft of a stick from a junior doctor."
Macleod said the hospitals trust should instead consider only
storing the data centrally on a secure server and then have the
medical staff access that encrypted information across a computer
network.
Though this would mean less data access mobility, it would fully
protect patient privacy and protect the Trust from legal action, he
said.