Thepersonal medical records of 4,000 NHS patients have been
lostby Stockport Primary Care Trust, but
health managers have chosen not to inform the individuals
involved.
The records were on a USB stick clipped round the neck of an NHS
employee when they were lost. They contained the names, dates of
birth and details of medical conditions of patients of Stockport
Primary Care Trust, as well as their NHS and trust numbers and
details of their GPs.
The trust has since informed the Department of Health and GPs
about the loss, but news only came to light publicly following a
freedom of information request.
Stockport PCT chief executive Richard Popplewell said steps were
taken to search for the device by retracing the path of the staff
member. But it has not been found.
Popplewell said the loss was an accident rather than any
systematic failing in management. He said the security of the
information had been considered and the data was being carried
personally to avoid having to be sent via email.
Popplewell said a balance had to be drawn between being open
with patients and protecting them from unneccesary concern.
Paul Vlissidis, technical director of ethical security testing
at IT consultancy NCC Group, said, "With such
high levels of vulnerability there is a high chance of becoming
a victim of certain threats, and any organisation that holds
critical, confidential information about their customers and staff
must ensure their networks are secure.
"
It is a common mistake of any organisation to assume they have no
enemies, but anyone could have been interested in the data they
hold."
The Stockport USB stick loss follows a similar loss at a
Nottingham hospital last year. That loss only came to light when a
doctor revealed the incident in the British Medical Journal.