The loss of sensitive patient details by five NHS trusts has prompted a security warning from the the Information Commissioner’s Office (ICO).
ICO enforcement head Sally-Anne Poole: ‘These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security.’
The five trusts were:
- Surrey and Sussex Healthcare NHS Trust - information about 23 patients on a trust ward handover sheet was found on a bus, and two unencrypted laptop computers were stolen.
- The Royal Free Hampstead NHS Trust - unencrypted compact disk with medical treatment details of 20,000 patients was lost from the hospital’s cardiology department.
- Chelsea and Westminster Hospita NHS Foundation Trustl - unencrypted memory stick containing details of 143 patients stolen from an unlocked office used as a walk-in clinic.
- Epsom and St Helier University Hospitals NHS Trust - stored records insecurely for nearly two years after data was transferred between hospitals.
- Hampshire Partnership NHS Foundation Trust - unencrypted laptop computer holding personal details of 349 patients and 258 staff was lost.
The Royal Free Hampstead NHS Trust said: ‘When the CD was created there was no NHS requirement for data to be encrypted. Now encryption software is used to protect portable media and files being sent by email.’