Patient data loss forces Trusts to adopt encryption

All four trusts lost patient data

Four NHS trusts have agreed to encrypt all portable and mobile after being found in breach of the Data Protection Act by the Information Commissioner's Office (ICO).

As well as encrypting mobile devices the NHS bodies will ensure a security swipe card system is working at all times and implement new security systems to ensure patient details can not be downloaded by unauthorised personnel.

Mick Gorrill, Assistant Information Commissioner at the ICO, said the cases should serve as a stark reminder to all NHS organisations that patient information is not always handled with adequate security.

"It is a matter of significant concern to us that in the last six months it has been necessary to take regulatory action against 14 NHS organisations for data breaches," he said.

"In these latest cases staff members have accessed patient records without authorisation and on occasions, have failed to adhere to policies to protect such information in transit. There is little point in encrypting a portable media device and then attaching the password to it."

Cambridge University Hospital NHS Foundation Trust lost the medical treatment details of 741 patients after a member of staff downloaded details onto a private memory stick without the trusts's knowledge.

And Central Lancashire Primary Care Trust lost an encrypted memory stick containing medical treatment details of 6,360 patient in Her Majesty's Prison Preston.

The North West London Hospitals NHS Trust reported the theft of two laptops and in a separate incident, the theft of a desktop computer, in total containing the details of test results and hospital numbers of 361 patients.

Hull & East Yorkshire Hospitals NHS Trust reported two incidents resulting in the loss and theft of a desktop computer and disused laptop in total containing unencrypted medical treatment details of 2,300 patients.