NHS data losses under fire

The NHS has lost medical data on tens of thousands of patients, prompting an urgent review of data management practices.

Information Commissioner Richard Thomas has ordered a review of security in the health service after being forced to take action against 14 NHS bodies over the last six months for breaching data regulations.

At least two serious breaches have been reported in Yorkshire in recent months, including the loss of a computer memory stick containing information on 5,650 patients in Bradford. A secretary at Bradford Teaching Hospitals NHS Foundation Trust resigned last month after she inserted the stick into a computer at Leeds Metropolitan University and forgot to remove it later.

In March confidential medical records with details of 19 seriously ill patients were found in the street two miles from York Hospital, where they were being treated. Elsewhere, an unsecured laptop containing a complete patient database, including the medical histories of 10,000 people, was stolen from a GP's home.

"Medical history is very sensitive personal data, which is likely to cause harm or distress,"  said Mick Gorrill, assistant information commissioner, "The law dictates they must keep this information confidential, but the NHS is by far the biggest offender within the public sector. There needs to be a recognition that this information affects real people and can cause real harm if lost."

David Nicholson, chief executive of the NHS, has written to all senior health managers reminding them of their responsibilities. "Every effort is made to further improve data handling across the NHS. The security measures provided through the NHS IT modernisation programmes will minimise the risk, while the modernisation of systems and services will improve the quality of care provided to patients,” said a spokesman for the Department of Health. 


The spokesman went on to claim that the losses were another reason to plough on with the £12.7 billion National Programme for IT which has centralised electronic patient records at its heart.  "The department is also providing, through the National Programme for IT, electronic patient records systems that are protected by the highest levels of access controls and other security measures, a secure NHS network for exchanging information that is centrally monitored and strongly protected and secure NHS e-mail facilities that encrypts all data in its system."