NHS patient records warning from Information Commissioner

ICO says culture change still required to ensure security

The Information Commissioner's Office has warned NHS trusts to take much more assertive steps to protect patient records.

The warning comes as the ICO found five health organisations had seriously breached the Data Protection Act. Electronic patient records are being rolled out across the country, both within and outside the troubled £11.7 billion NHS National Programme for IT.

A recent Public Accounts Committee hearing into the programme saw officials at the Department of Health disclose that 800,000 clinicians are able to log in to the patient records systems within the National Programme alone - although the officials also gave a detailed defence of the security in place. The ICO is working with Connecting for Health, which is in charge of the NHS National Programme, to help guide trusts on security.

Five NHS trusts have been issued with ICO undertakings, all of which the data protection body said "relate to incidents where they failed to take appropriate steps to ensure that sensitive personal information was kept secure".

Among the undertakings, East Midlands Ambulance Service NHS Trust lost an unencrypted memory stick containing sensitive personal data relating to a number of patients. Additionally, Dunelm Medical Practice in Durham sent out two patients' electronic discharge letters, containing sensitive personal data, including medical information.

Procedures around paper records were also brought to light by the ICO, after Basildon and Thurrock University Hospitals NHS Foundation Trust sent out a fax with personal patient data to the wrong recipient, Ipswich Hospital NHS Trust left 29 patient records in a public place, and Lancashire Teaching Hospitals NHS Foundation Trust faxed sensitive personal data to a member of the public on several occasions.

"The health service holds some of the most sensitive personal information of any sector in the UK," said Information Commissioner Christopher Graham. "Millions of records are constantly being accessed and we appreciate that there will be occasions where human error occurs."

He said there needed to be a "culture change" and added: "The policies and procedures may already be in place but the fact is that they are not being followed on the ground. Health workers wouldn't dream of discussing patient information openly with friends and yet they continue to put information on unencrypted memory sticks or fax it to the wrong number."
