NHS told to tighten data security

http://news.bbc.co.uk/go/rss/-/1/hi/uk/8066609.stm

Version 0 of 1.

The information commissioner has told the NHS to improve its data security, after breaches involving the loss of thousands of personal medical records.

The independent data security watchdog says it has taken action against 14 NHS organisations in the last six months.

Among the data subject to breaches were the medical details of more than 6,000 prisoners and of 700 hospital patients.

A Department of Health spokesman said action would be taken against anyone who breached data protection rules.

'Inexcusable'

Information Commissioner Richard Thomas has written to the Department of Health's top civil servant requesting immediate improvement.

Mick Gorrill, the assistant information commissioner, told the Independent newspaper that the "inexcusable" data losses within the NHS had become a cause of "great concern".

The paper reported that between January and April this year there were 140 reported security breaches within the NHS - more than from central government and local authorities combined.

These included medical details of more than 6,000 prisoners in Preston Prison in Lancashire that were contained on a lost memory stick. The data was encrypted but a note attached to the stick gave the password.

Another memory stick with the details of more than 700 patients at Cambridge University Hospital was left in a vehicle. A car wash attendant was able to access the unencrypted material.

'Secure network'

A Department of Health spokesman said the permanent secretary at the department would be replying "in due course" to Mr Thomas's concerns and that action would be taken "against anyone responsible for breaching our strict data protection rules".

"The chief executive of the NHS wrote to all senior health managers reminding them of their responsibilities," he said.

"The department is also providing, through the National Programme for IT, electronic patient records systems that are protected by the highest levels of access controls and other security measures, a secure NHS network for exchanging information that is centrally monitored and strongly protected and secure NHS e-mail facilities that encrypts all data in its system."

In December 2007, nine NHS trusts in England admitted losing patient records, thought to affect hundreds of thousands of adults and children.