NHS trusts breach Data Protection Act with patient records

News

NHS trusts breach Data Protection Act with patient records

Warwick Ashford

Fourteen NHS Trusts have breached the Data Protection Act in the past six months, according to the Information Commisioner's Office (ICO).

Four new cases announced today serve as a "stark reminder" to all NHS organisations that sensitive patient information is not always handled with adequate security, said Mick Gorrill, assistant information commissioner.

Cambridge University Hospital NHS Foundation Trust, Central Lancashire Primary Care Trust, North West London Hospitals NHS Trust and Hull & East Yorkshire Hospitals NHS Trust have all signed formal undertakings to process personal information in line with the Data Protection Act.

In these latest cases staff members accesses patient records without authorisation and at times failed to adhere to policies for protecting this information in transit, said Gorrill.

The ICO said data protection should be a matter of good corporate governance and executive teams must ensure they have the right procedures in place to protect the personal information entrusted to them.

NHS organisations "risk losing the confidence of patients and their families", said Gorrill.

He singled out the Central Lancashire Primary Care Trust for losing a memory stick containing medical treatment details of over 6,000 prison patients.

The memory stick was encrypted, but the details could be accessed using the password on a note attached to the device.

"There is little point in encrypting a portable media device and then attaching a password to it," said Gorrill.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy