Loss of 1.3 million medical files in the US - implications for the NHS National Programme for IT

A medical organisation cited by the Department of Health as a reference site for the NHS Care Records Service has been criticised by a US regulator after 1.3 million sensitive files went missing.


Last year the Department of Health announced that Lord Warner, then a minister responsible for the NHS’s £12.4bn National Programme for IT [NPfIT], was setting up a taskforce which would:

“draw on the work in this area done by the Veterans’ Association in the United States which has had for some time a fully operational electronic patient record that benefits patients, doctors and medical education and is fully supported by the people in the medical profession who are involved in it”.

But on 22 January 2007 there was a serious security breach of the US systems that were praised by Lord Warner – systems that support the healthcare given to four million war veterans. A hard drive disappeared and has not been recovered. It contained the medical details of 250,000 veterans and more than one million other healthcare specialists. Much of the sensitive information was not encrypted. Nor was it protected by passwords.

It was the second large-scale data loss at the Department of Veterans Affairs in less than a year.

The Department of Veterans Affairs supports the care of up to four million war veterans and operates across more than 160 hospitals, 800 clinics and 135 nursing homes.

Its security lapse reinforces the trusim that an organisation’s security controls are only effective if people adhere to them and they are properly policed.

The Department of Veterans Affairs had a security policy that banned employees from storing sensitive data on portable devices without encryption. And the policy gave local supervisors the task of protecting sensitive information from unauthorised disclosure.

But when a medical centre for veterans at Birmingham, Alabama, was close to its capacity for storing data and it bought some external hard disc drives to provide extra storage space, a local director did not request encryption software to protect the data held on them.

Instead the director instituted what the US Inspector General said was a less reliable method of`security: relying on employees not to remove external hard drives from the office. The director also expected staff, when not using the drives, to store them in a locked safe.

But these measures were “not adequately monitored by managers to ensure employee compliance”, said a report of the Inspector General. The report added:

“In fact, several employees elected not to store their external hard drives in the safe, and at least one employee took home an external hard drive that contained privacy-protected information concerning Veterans’ Affairs employees.

“Also, there were no records of when the safe was accessed or whether its contents were inventoried and accounted for; access to the safe was not adequately limited; and once an employee opened the safe, that employee had access to all other employees’ external hard drives.”

There’s a further story of the data loss is elsewhere on this blog.

The implications for the NHS?

Whitehall officials strongly defend the security of the large centralised database that is being built as part of the Care Records Service of the National Programme for IT [NPfIT]. NHS Connecting for Health, which runs a major part of the NPfIT, points out that nobody can access it without leaving a trace in the audit trail. But who is going to police the audit trail in a busy NHS. And what if nobody polices it even if they’re supposed to?

Perhaps disciplinary action can be taken against misuses of the database, but by then it may be too late to protect the confidentiality of personal data. If the security at a local GP practice is breached, it will not affect huge numbers of files. But a national database will contain millions of records.

This is one of the lessons of the lapse of security at the Department of Veterans Affairs. It is one of the few healthcare organisations in the world that has very large centralised and regional databases of medical records. So an apparent minor lapse of security can have major implications.

The disappearance of one external hard drive – the sort one can buy in PC World for about £100 – contained 1.3 million sensitive medical records.

In England a loss on this scale could not happen with a breach of security at a GP practice. But the NPfIT’s Care Records Service is due to store 50 million patient records.

The Department of Veterans Affairs had a general policy of ecrypting patient data so that if it were to go missing it could not easily be read. But the controls were not applied properly.

Could the same happen in England?

a) In the NHS, password sharing is endemic and doctors do not always have the time to log on and off computers to protect the integrity of the system.

b) If national systems are made too secure doctors and nurses will not use them.

c) It’s unclear whether the Department of Health will provide enough funds to ensure that money and staff are available to police rigorously the audit trails of the Care Records Service, if a such a national system works.

Perhaps these matters should have discussed openly and honestly before the NPfIT was announced in early 2002.

Computer Weekly asked the Department of Health about the loss of the records at the Department of Veterans Affairs. We also asked the Department of Health about its announcement in 2006 that praised the work in the US on a database of medical records for veterans.

A Department of Health spokesperson said:

“When we set up the Electronic Patient Record System, the ministerial task force drew on the work already done in this area by the Veterans’ Administration in the US, in order to learn more about the strengths and weaknesses of the system.

“In its report on the National Programme for IT last year, the National Audit Office said NHS Connecting for Health has adopted the highest security standards for access to patient information.

“The access controls within the NHS Care Records Service offer sophisticated tools to support organisations’ information sharing policies and will operate alongside underpinning controls such as professional codes of conduct, the NHS Code of Confidentiality and local business processes and codes of conduct.”


Department of Veterans Affairs, Office of Inspector General, Administrative Investigation, Loss of VA Information VA Medical Center, Birmingham, Alabama

1.8 million more people affected by latest Veterans Affairs data loss

May 2006: Millions of health files go missing at Department of Veterans Affairs

Internal report cites ‘indifference’ of security officers

Veterans Affairs patient record system wins innovation in government award

Department of Veterans Affairs

Veterans Health Information Systems and Technology Architecture

The medical records software used by the Department of Veterans Affairs

Report of the ministerial taskforce on the NHS Summary Care Records

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

David H. Marshall

jakegreenchappy @ yahoo.com

On 4 April 2008 the VA was “unable to locate” their copies of this veteran’s since 1956 retained, and that underlie the for 77 others, evidence. Many of the 78 sets of service records were destroyed in the 1973 National Personnel Records Center fire. Congress’s 1974 Privacy Act censored out the names of the 77 other subjects in any surviving records. During an ongoing 18 years, due to the efforts of the Disabled American Veterans, the MA. Veterans Services, The American Legion, the integrity of VA medical and some laymen personnel, this veteran has realized 60% and 100% awards; BACKGROUND.


1952 - 1956 JET AIRCRAFT MECHANICS, AFSC 43131H AND 43151C.


1. APPLEYARD, WILLIAM L. 13 449 079 40. HOWARD, ROY W. 14 451 324

2. BATES, JOE H. 15 494 516 41. HOWARTH, WALLACE R. 23 821 884

3. BAVIS, HARRY G. 12 415 270 42. HURLEY, DAVID W. 12 404 241

4. BERRY, DENNIE 15 258 543 43. IENSE, WILLIAM A. 15 479 741

5. BERSTRON, ELLERY D. 13 435 283 44. IRVIN, JAMES E. 16 418 669

6. BERTRAND, ROBERT E. 11 255 125 45. JANDRON, PAUL J. 21 301 262

7. BONASERA, JOSEPH E. 15 483 745 46. JONES, GLEN R. 14 461 286

8. BONE, J. E. 14 472 383 47. JONES JR, BOBBY 17 360 722

9. BRITTAIN, THOMAS W. 13 447 599 48. JUNG, WESLEY E. 16 411 227

10. BUMPUS, JOE E. 23 029 079 49. JUSTICE, HERMAN M. 14 452 967

11. CADRETTE, EUCLID J. 12 413 469 50. KEAN, RONALD B. 13 445 706

12. CARNEY, JOHN F. 12 413 399 51. KELLY, HAROLD R. 14 472 958

13. CLARK JR, CHESTER H. 14 466 073 52. KELLY JR, GERALD L. 13 432 308

14. CODORI, JOSEPH B. 13 448 426 53. LARKOWSKI, GERALD G. 17 355 455

15. COUNCIL JR, JAMES I. 14 462 043 54. LEWIS JR, FRANKLIN 13 435 401

16. CRISWELL, WILLIAM G. 17 354 196 55. LOCKIEY, REGINAID E. 13 438 068

17. DONALDSON, WILLIAM A. 14 461 332 56. LOGSDON, ELMO W. 15 482 662

18. DUESLER, JOHN H. 12 413 601 57. LONG, EARL T. 13 434 463

19. DUNBAR, LEROY W. 34 020 071 58. LOVE, JERRY K. 14 462 527

20. EWTON, JAMES E. 14 453 187 59. LYCAN, EDWARD S. 19 441 063

21. FLENING, JACK E. 15 480 635 60. MORGAN, WARNER L. 14 456 816

22. FRITZ, JOHN A. C. 24 640 937 61. MULLINS, JIMMY A. 13 512 596

23. GILAM, JAT T. 15 482 630 62. MURPHEY, TALMADGE G. 14 462 360

24. GOMES JR, MANUEL F. 11 252 770 63. MURRAY, WILLIE E. 14 456 355

25. GONES, LEAMON 14 459 715 64. MUSGRAVE PAUL I. 17 358 441

26. GORE, WILLIAM R. 14 459 603 65. OGBORN, GLENN 14 438 675

27. GREEN, LEVI D. 12 413 297 66. OTTLEY, FRANKLIN D. 19 410 160

28. GUILA, MIKE J. 15 483 564 67. RATHJEN. CHARLES 28 211 946

29. GUNSLAUS, DAVID W. 16 413 282 68. REID, BILLY G. 14 424 319

30. HANDLIN, JAMES F. 17 360 724 69. RICHARDSON, JAMES W. 13 429 058

31. HARDING, JERRY L. 14 464 740 70. SANDELL, PHILLIP R. 19 425 133

32. HARTER, JOHN E. 17 367 990 71. SEXTON, FRED B. 14 469 919

33. HENDON, JAMES 18 420 423 72. SHUMATE, RICHARD W. 13 428 826

34. HENDON, JAMES H. 18 420 425 73. VOLLENTINE, DONALD R. 12 415 279

35. HIGNUTT, JESSE L. 13 434 703 74. WALLER, GLENN R. 17 317 517

36. HILL, RAY S. 14 451 229 75. WHITE, SAMUEL L. 14 472 413

37. HINSON, BERT L. 14 474 204 76. WOOD, LEONARD F. 14 387 094

38. HIRSH, DONALD H. 27 963 906 77. ZIEGLER, CARL P. 11 266 421

39. HODGE, JAMES F. 16 420 379


These unprotected flight line personnel were subjected to a then 1952 to 1956 Project 7210 (“contrails.iit.edu” under its search use “TR 54-401") known certain J47-GE-1 jet-engine injury of an at least 87,381 sound pressure multiple (X) at a 158 dB noise level. Fifteen (15) of the 77 were repeatedly exposed to a “warm-up crew” level of over 699,051 X (@ 176 dB). All were injured in direct disobedience of the 1948 Air Force Regulation 160-3 required protection at 95 dB and 59 X!

By this veteran’s 2009 in-hand from 1952 records evidenced is the Project 7210 then 1952-1956 known certain injury for all, e.g., “Had some trouble with hearing while working on warm-up crew for F-86 D with very high noise levels.” The physician’s 29 Jan. 54 USAF Cadet Wing Commander washout statement. Then 2 more physician's ignored 7/29/54 get him off the flight line memo and 7/21/55 do not expose to "loud acoustic trauma". Key examples are the veteran’s in-hand: [1] The 5/7/57 VA Boston Regional Office (RO) requested and then stamped as 6/3/57 received originals of the 6/25/52 to 5/21/56 service records with its 77 other flight line personnel. [2] The RO Rating Board’s 7/9/57 clear and unmistakable error (CUE) of an awarded hearing loss only. [3] Proof of this error is by their 4/26/57 examining, 7/9/57 attending physician’s 4/3/58 submitted evidence resultant USAF SURGEON’S 6/25/58, “PERMANENTLY MEDICALLY DISQUALIFIED FOR MILITARY SERVICE”! And [4] Six (6) months later the 1/22/59, "HONORABLE DISCHARGE" WITH "RECOMMENDED FOR REENLISTMENT - YES". An effective disconnection from service of the many “episode of symptoms (of Menieres Disease)”.

Yet another CUE verification, and the likely 15 others “warm-up crew” disability is, “THE VETERANS SIGNS AND SYMPTOMS OF MENIERES DISEASE CLEARLY ARE DOCUMENTED IN HIS SERVICE RECORD" with the results of “A STRESS REACTION MAY PRECIPIRATE AN EPISODE OF SYMPTOMS (OF MENIERE’S DISEASE), AND CYCLES MAY REPEAT ENDLESSLY”. This is the VA Chief of Otolaryngology’s 9/15/99 statement regarding the since 1861 medically known Meniere’s Disease, with its symptoms of hearing loss, tinnitus plus stress caused episodes of nausea and vertigo. Acting on HMO physician episode advice the veteran returned to the VA in 1991.

The 4 April 2008 Board of Veterans’ Appeals letter was an “unable to locate” their previously in-hand over one foot high stack of from 1952 evidence. Again provided were over 100 VA 8/2/95 “certified” copies of the proof that resulted in the 60% 3/26/04 Menieres disease and 3/8/06 100% unemployability awards. They establish the CUE and underlie the 77 other injuries. In reference to the submissions, a VA 10/16/08 letter noted “...because of insufficient or inaccurate information we cannot identify the proper record.” A from 1957 now 50+ years later, still without the requested Congressional and VA help for the 77 other, at least, sound pressure 87,381X subjects vs. a then required withheld at 59X protection. Your corrective action would be most appreciated. Thank you.