Fourteen NHS Trusts have breached the Data Protection Act in the past six months, according to the Information Commisioner's Office (ICO).
Four new cases announced today serve as a "stark reminder" to all NHS organisations that sensitive patient information is not always handled with adequate security, said Mick Gorrill, assistant information commissioner.
Cambridge University Hospital NHS Foundation Trust, Central Lancashire Primary Care Trust, North West London Hospitals NHS Trust and Hull & East Yorkshire Hospitals NHS Trust have all signed formal undertakings to process personal information in line with the Data Protection Act.
In these latest cases staff members accesses patient records without authorisation and at times failed to adhere to policies for protecting this information in transit, said Gorrill.
The ICO said data protection should be a matter of good corporate governance and executive teams must ensure they have the right procedures in place to protect the personal information entrusted to them.
NHS organisations "risk losing the confidence of patients and their families", said Gorrill.
He singled out the Central Lancashire Primary Care Trust for losing a memory stick containing medical treatment details of over 6,000 prison patients.
The memory stick was encrypted, but the details could be accessed using the password on a note attached to the device.
"There is little point in encrypting a portable media device and then attaching a password to it," said Gorrill.