It seems like every week without fail a high profile Public Sector organisation has some kind of serious data breach.
The Press Association has today reported:
“A health board has been rapped by data protection chiefs over two incidents in which patients’ medical records were lost. An unencrypted USB memory stick containing details of 137 patients was lost last June.”
The Information Commissioner’s Office (ICO) ruled that the data loss meant NHS Lothian breached the Data Protection Act.
It has got tot he point where it is getting frustrating writing in our blog about the continual data leaks and breaches from the NHS. It seems like it is accepted that in such a large organisation that these things will happen, but sooner or later someone needs to take control of the issue and introduce nationwide policies and directives to stop this happening in future.
It raises the question, why were the details of 137 patients placed on a memory stick in the first place, and following that why are the memory sticks not encrypted?
Back in May we reported that four NHS Trusts had agreed to adopt encryption after being found in breach of the Data Protection Act by the Information Commissioner’s Office (ICO).
Back then Cambridge University Hospital NHS Foundation Trust lost the medical treatment details of 741 patients, Central Lancashire Primary Care Trust lost medical treatment details of 6,360 patients in Her Majesty’s Prison Preston and Hull & East Yorkshire Hospitals NHS Trust reported the loss of medical treatment details of 2,300 patients.
In a private company such embarrassing incidents would normally lead to a wholesale review of procedures so why should the NHS be any different?
With the advances in technology it is becoming easier and easier to prevent such data losses, to start with it is possible to prevent staff from transferring data onto USB sticks. If it is necessary to use USB devices then it is straight forward to ensure that the data is fully encrypted.
We will continue to report on each breach that occurs in the hope that enough awareness is raised for someone within the NHS to take the necessary action to prevent future data loss of the public’s medical records.