Five more NHS trusts involved in serious data breaches

17 Jul 2009

The Royal Free lost an unencrypted CD

Privacy watchdog the Information Commissioner's Office (ICO) has found five more NHS organisations in breach of the Data Protection Act.

The Royal Free Hampstead NHS Trust reported the loss of an unencrypted CD initially thought to contain medical treatment details of 20,000 patients from the hospital’s cardiology department.

Chelsea and Westminster Hospital Foundation Trust reported the theft of an unencrypted memory stick containing 143 patient details including sensitive medical information.

And Epsom and St Helier University Hospital NHS Foundation Trust has been storing hospital records insecurely for nearly two years following data being transferred between hospitals.

A ward handover sheet, containing information relating to 23 patients in the care of Surrey and Sussex NHS Trust, was found on a bus. The trust also reported the theft of two unencrypted laptops.

Hampshire Partnership NHS Trust informed the ICO about the theft of an unencrypted laptop computer holding the personal data of 349 patients and 258 staff. The laptop was stolen from an employee attending a health conference.

Some of the information was classified as sensitive personal data as defined in Section 2 of the Data Protection Act.

The NHS bodies have agreed to implement the appropriate security measures to ensure that personal details are properly protected by establishing physical safeguards, training staff and encrypting hardware.

“These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security. It is important that staff adhere to policies designed to protect individuals’ sensitive information,” said Sally-Anne Poole, head of enforcement and investigations at the ICO.

In February the NHS was found to be responsible for more than 100 data breaches out of 277 reported in the previous three months. And in May, the ICO issued a further warning to the NHS over its lax attitude to data security.

Reader comments

GP Notes

Just been on the internet to see if anyone knew what happened to 20 years of notes. Just can't believe what people are. I hope their notes go missing just before they're really ill, then they will know what I mean.

Posted by: Gail Curtain  31 Aug 2009

Could 'cogeographic awareness' protect sensitive data, staff and policy makers?

Purely off the wall this but....
Such events merely (without trivializing) highlight the human capacity to ERR big(gish) time. Is it not possible for tech to help? If info systems from local networks through to mobile devices had a sense of where they are and their status as currently carrying sensitive data recognised through digital IDs - plus additional meta-dynamic data, then cogeographic awareness might result? I blogged about this with ref to conceptual spaces -

http://hodges-model.blogspot.com/2009/07/cogeographic-or-cogneographic-concepts.html

This would be an artificial example and would make it possible for data previously designated as confidential to self-destruct - 'e-vaporate' if it found itself beyond a given combined virtual environment and/or physical environment hospital, Trust boundary, SHA, National border...? This facility already exists no doubt in security services - as suggested in the realms of MI and 007? Cogeographic or (cogneographic) may be a neologism but seeks to conjoin the cognitive (cognition) involved in defining, representing and using concepts in conceptual spaces; AND the finding that knowledge is invariably situated - that is knowledge has a geography. Copies of NHS - personal! - data could have a geography too...?
Regards
Peter Jones
(Hodges' health care domains model)
Lancashire
UK
--
http://hodges-model.blogspot.com/
Hodges Health Career - Care Domains - Model
http://www.p-jones.demon.co.uk/
h2cm: help 2C more - help 2 listen - help 2 care
http://twitter.com/h2cm
P.S. Amid the emergence of renewed debate about the future of e-health records, clinicians may have a professional duty to demand no less ...?

Posted by: Peter Jones  19 Jul 2009

Why was it on these devices in the first place?

As an IT Professional in the NHS I fail to see why the patient data was copied onto memory sticks and CD in the first place. Let alone how it was possible. If it's for valid NHS use why were the persons accessing this data not referencing it at source thereby avoiding duplication of data? Copying patient data to other devices which can be lost is just negligent and irresponsible. In my area of work all staff are made aware of their responsibilities under the DPA and also left in no doubt about their accountability should a breach occur. One of the few approved methods of transmitting patient identifiable data is the NHS Mail service. This is available only to NHS employees and approved government agencies. It is fully encrypted end to end and free to use.

Posted by: Trevor Bewick  18 Jul 2009

Info systems with cogeographic sense

Purely off the wall this but....

Such events merely (without trivializing) highlight the human capacity to ERR biggish time. Is it not possible for tech to help? If info systems through to mobile devices had a sense of where they are and their status as carrying sensitive data recognised through digital IDs - plus additional meta-dynamic data, then 'cogeographic awareness' might result? I blogged about this with ref to conceptual spaces -

http://hodges-model.blogspot.com/2009/07/cogeographic-or-cogneographic-concepts.html

This would be an artificial example and might help make it possible for data previously designated as confidential to self-destruct -

'e-vaporate' no less

- if it found itself beyond a given combined virtual environment and/or physical environment hospital, Trust boundary, SHA, National border...? This facility already exists no doubt in security services - as suggested in the realms of MI and 007. Cogeographic or (cogneographic) may be a neologism but seeks to conjoin the cognitive (cognition) involved in defining, representing and using concepts in conceptual spaces; AND the finding that knowledge is invariably situated - that is knowledge has a geography. Copies of NHS data could have a geography too...?
Regards
Peter Jones
(Hodges' health care domains model)
Lancashire
UK
--
http://hodges-model.blogspot.com/
Hodges Health Career - Care Domains - Model
http://www.p-jones.demon.co.uk/
h2cm: help 2C more - help 2 listen - help 2 care
http://twitter.com/h2cm

Posted by: Peter Jones  18 Jul 2009
