Privacy watchdog concerned over electronic health records

New data loss highlights vulnerability of digital records

Thomas: concerned about electronic patient records

The Information Commissioner has expressed concern that electronic patient records are not secure enough following the revelation that Lanarkshire NHS patient data was found on a hard drive purchased on eBay.

Speaking to Channel 4 News, Information Commissioner Richard Thomas said that the recent spate of data losses had prompted talks with the NHS on how to ensure adequate privacy practices are in place.

"As we move towards electronic health records across England we do have anxieties. We talk very closely with the NHS to ensure that they are taking security seriously but they've got to be very vigilant indeed to get security right," he said.

The two disks from Lanarkshire NHS trust contained patient data relating to radiology and x-rays, including thumbnails of x-rays and sensitive correspondence.

In a statement, NHS Lanarkshire said the disks were disposed off through an external supplier in 2006, a policy that would now be ended.

"In this instance the hard drives had been subjected to a basic level of data removal by the company and had then been disposed of inappropriately. This was clearly in breach of contract and was wholly unacceptable," said the statement.

A study, funded by BT and Sims Lifecycle Services, also found sensitive information from companies such as Ford, Laura Ashley and Nokia on disks purchased on eBay.