NHS warned again over lax data security

Information Commissioner writes to Department of Health demanding improvements in public sector's "worst offender"

Too many NHS trusts have lost data

The Information Commissioner’s Office (ICO) has issued a further warning to the NHS over its lax attitude to data security.

According to a report in The Independent, Information Commissioner Richard Thomas has written to the Department of Health's permanent secretary, Hugh Taylor, demanding improvements in the NHS.

Last month, the ICO formally reminded NHS bodies of the importance of data security after finding four trusts guilty of breaching the Data Protection Act – bringing the total number of NHS organisations targeted for regulatory action to 14 in just six months.

Assistant Information Commissioner Mick Gorrill told The Independent that the NHS was the biggest data protection offender in the public sector, and blamed a “cavalier attitude” among NHS staff for the “inexcusable” data losses.

The four trusts found guilty last month were forced to agree to encrypt all portable and mobile devices.

Cambridge University Hospital NHS Foundation Trust lost the medical treatment details of 741 patients after a member of staff downloaded details onto a private memory stick without the trust's knowledge.

Central Lancashire Primary Care Trust lost an encrypted memory stick containing medical treatment details of 6,360 patient in Her Majesty's Prison Preston.

The North West London Hospitals NHS Trust reported the theft of two laptops and in a separate incident, the theft of a desktop computer, in total containing the details of test results and hospital numbers of 361 patients.

And Hull & East Yorkshire Hospitals NHS Trust reported two incidents resulting in the loss and theft of a desktop computer and disused laptop in total containing unencrypted medical treatment details of 2,300 patients.