NHS patient records warning from Information Commissioner

ICO says culture change still required to ensure security

The Information Commissioner's Office has warned NHS trusts to take much more assertive steps to protect patient records.

The warning comes as the ICO found five health organisations had seriously breached the Data Protection Act. Electronic patient records are being rolled out across the country, both within and outside the troubled £11.7 billion NHS National Programme for IT.

A recent Public Accounts Committee hearing into the programme saw officials at the Department of Health disclose that 800,000 clinicians are able to log in to the patient records systems within the National Programme alone - although the officials also gave a detailed defence of the security in place. The ICO is working with Connecting for Health, which is in charge of the NHS National Programme, to help guide trusts on security.

Five NHS trusts have been issued with ICO undertakings, all of which the data protection body said "relate to incidents where they failed to take appropriate steps to ensure that sensitive personal information was kept secure".

Among the undertakings, East Midlands Ambulance Service NHS Trust lost an unencrypted memory stick containing sensitive personal data relating to a number of patients. Additionally, Dunelm Medical Practice in Durham sent out two patients' electronic discharge letters, containing sensitive personal data, including medical information.

Procedures around paper records were also brought to light by the ICO, after Basildon and Thurrock University Hospitals NHS Foundation Trust sent out a fax with personal patient data to the wrong recipient, Ipswich Hospital NHS Trust left 29 patient records in a public place, and Lancashire Teaching Hospitals NHS Foundation Trust faxed sensitive personal data to a member of the public on several occasions.

"The health service holds some of the most sensitive personal information of any sector in the UK," said Information Commissioner Christopher Graham. "Millions of records are constantly being accessed and we appreciate that there will be occasions where human error occurs."

He said there needed to be a "culture change" and added: "The policies and procedures may already be in place but the fact is that they are not being followed on the ground. Health workers wouldn't dream of discussing patient information openly with friends and yet they continue to put information on unencrypted memory sticks or fax it to the wrong number."

