Privacy watchdog the Information Commissioner's Office (ICO) has found five more NHS organisations in breach of the Data Protection Act.

The Royal Free Hampstead NHS Trust reported the loss of an unencrypted CD initially thought to contain medical treatment details of 20,000 patients from the hospital’s cardiology department.

Chelsea and Westminster Hospital Foundation Trust reported the theft of an unencrypted memory stick containing 143 patient details including sensitive medical information.

And Epsom and St Helier University Hospital NHS Foundation Trust has been storing hospital records insecurely for nearly two years following data being transferred between hospitals.

A ward handover sheet, containing information relating to 23 patients in the care of Surrey and Sussex NHS Trust, was found on a bus. The trust also reported the theft of two unencrypted laptops.

Hampshire Partnership NHS Trust informed the ICO about the theft of an unencrypted laptop computer holding the personal data of 349 patients and 258 staff. The laptop was stolen from an employee attending a health conference.

Some of the information was classified as sensitive personal data as defined in Section 2 of the Data Protection Act.

The NHS bodies have agreed to implement the appropriate security measures to ensure that personal details are properly protected by establishing physical safeguards, training staff and encrypting hardware.

“These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security. It is important that staff adhere to policies designed to protect individuals’ sensitive information," said Sally-Anne Poole, head of enforcement and investigations at the ICO.

In February the NHS was found to be responsible for more than 100 data breaches out of 277 reported in the previous three months. And in May, the ICO issued a further warning to the NHS over its lax attitude to data security.