At least 1.8 million sensitive documents went missing across the NHS in just 12 months, reports The Daily Telegraph.
Health records have been dumped in bins, unsecured laptops have gone missing, and private health records have been posted onto the internet, among the data calamaties.
The Information Commissioner's Office is currently demanding new powers to conduct compulsory audits at hospitals and other health bodies.
Figures from reports of Data Protection Act breaches filed by the ICO over 12 months from July 2011 in England, Wales and Northern Ireland, show that 1,779,597 records were reported lost in 16 major incidents involving NHS bodies.
Information Commissioner Christopher Graham has levied fines totalling almost £1 million on NHS bodies over the past six months.
An ICO spokesman said, "The health service holds some of the most sensitive personal information available, so it's vitally important that patients' information is being kept secure."
Earlier this month the ICO said the private sector is "leading the way" on data protection compliance as the public sector continues to struggle, which published a series of reports.
The ICO said "concerns remain" about data protection compliance within the local government sector and the NHS. Findings were included in four reports which summarised the outcomes of over 60 ICO audits carried out in the private, NHS, local and central government sectors.