Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

Health board criticised over lost patient records

  • Comment

The data protection watchdog has criticised a health board in Scotland over two incidents in which patients’ medical records were lost.

NHS Lothian breached the Data Protection Act when an unencrypted USB memory stick containing details of 137 patients was lost last June, the Information Commissioner’s Office (ICO) ruled.

The incident occurred because the data storage device belonged to an employee and should not have been used to store personal data held by NHS Lothian.

The ICO also came down on the board over another incident in June 2008 when a document wallet containing 25 paper files about patients was left in a shop.

It was found that employees failed to comply with NHS Lothian security requirements in both cases. The health board has said it is now taking steps to improve data protection security, including ensuring that portable and mobile devices such as memory sticks are encrypted.

Ken Macdonald, assistant information commissioner Scotland, said: ‘Personal information has a value. It is vital that people’s personal details are handled securely in line with the Data Protection Act.

‘I am pleased that NHS Lothian is taking remedial action to improve data security.’

  • Comment

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Links may be included in your comments but HTML is not permitted.