The NHS has been openly criticised by the Information Commissioner’s Office (ICO) for its unacceptable catalogue of high profile data loss scandals in breach of the Data Protection Act.
The NHS Trust most recently involved in a serious data loss incident operates in Basingstoke and North Hampshire. This time the vulnerabilities of its policies were exposed after a spreadsheet filled with personal details relating to nearly 1000 patients was emailed using an insecure account in order to initiate an inter-departmental transfer of the data.
A second NHS Trust, this time operating in Stoke-on-Trent, was forced to announce that, thanks to a filing error, the details of nearly 2000 physiotherapy patients could have easily been lost or erased due to negligence.
The ICO has used its powers to secure signed undertakings from the heads of both trusts. These should ensure that the policies relating to the handling private data do not result in further contraventions of the Data Protection Act.
25 per cent of data related incidents of which the ICO is notified originate from within the NHS, according to the ICO’s Mick Gorrill. Mr Gorrill said that the NHS would have to take seriously the threats posed to its patient data in order to prevent the seemingly perpetual procession of data breaches, loss and theft from within the organisation.
Mr Gorrill said that it would be unreasonable for the NHS to dismiss every incident of data loss as a simple mistake caused by human error, suggesting instead that fundamental changes need to be made to grass roots policies and procedures.
A particular focus on the protection of data when it is being transferred between departments is required by the ICO. Without appropriate protection it believes that the personal details of thousands more UK patients could easily slip through the net and it seems that the industry watchdog believes that it is only a matter of time before the NHS is forced to respond to yet another damaging data loss incident.
