FourteenNHS Trusts have breached the Data Protection Actin
the past six months, according to the Information Commisioner's
Office (ICO).
Four new cases announced today serve as a "stark reminder" to
all NHS organisations that sensitive patient information is not
always handled with adequate security, said Mick Gorrill, assistant
information commissioner.
Cambridge University Hospital NHS Foundation Trust, Central
Lancashire Primary Care Trust, North West London Hospitals NHS
Trust and Hull & East Yorkshire Hospitals NHS Trust have all
signed
formal undertakings to process personal information in line
with the Data Protection Act.
In these latest cases staff members accesses patient records
without authorisation and at times failed to adhere to policies for
protecting this information in transit, said Gorrill.
The ICO said data protection should be a matter of good
corporate governance and executive teams must ensure they have the
right procedures in place to protect the personal information
entrusted to them.
NHS organisations "risk losing the confidence of patients and
their families", said Gorrill.
He singled out the Central Lancashire Primary Care Trust for
losing a memory stick containing medical treatment details of over
6,000 prison patients.
The memory stick was encrypted, but the details could be
accessed using the password on a note attached to the device.
"There is little point in encrypting a portable media device and
then attaching a password to it," said Gorrill.