Data security experts are calling for a complete ban on USB memory sticks from the NHS in order to reduce the risk of exposure and theft posed to private patient data.
In the weeks before the Information Commissioner’s Office (ICO) receives new powers to levy half a million pound fines against firms that breach the regulations relating to data protection, members of ISEEU Global have suggested that the best way for the NHS to avoid such a penalty would be to outlaw the use of USB storage devices.
ISEEU director Phil Bullivant told HES that the NHS had a damaging track record of data loss and theft which was not deemed to be acceptable by experts or by the public. Mr Bullivant said that the combined total incidents of data loss in the private sector was matched by the number experienced by the NHS in recent years.
Recent data losses in Surrey and Middlesex saw thousands of cancer patients exposed as three USB storage devices went missing. The unencrypted drives were fully accessible to anyone who found them, as the data was stored in a series of Word documents, accessible by virtually any computer.
Mr Bullivant said that the continued use of USB and other portable storage devices had proved to be disastrous for the NHS in the past and would continue to have an impact on the reputation of the organisation and the lives of its patients if it did not take action.
Mr Bullivant suggests that the repeated impact of data loss through portable storage should encourage managers within the NHS to more heavily rely upon their internal IT systems for the transfer and storage of private patient data.
He also said that giving NHS staff the means to remotely access the data that they need from day to day over a secure connection was far more practical than giving them a USB drive and assuming that patient safety will not be compromised.
The NHS is a national institution that ISEEU Global believes could benefit from an overhauled infrastructure in relation to data protection and security and it suggests that switching from portable storage to a remotely accessible system is a good start.
