Skip to content

Management

Technology

Toolbox

Training

Books

White Papers

Webcast

Resource Centre


ComputerworldUK CommunIT

Want to join the UK’s fastest growing dedicated IT community? Enter here to browse the UK’s top usergroups, societies and associations.

Cybercrime & Hacking management > security > news

July 16, 2009

Five NHS Trusts slammed by ICO for breaching Data Protection Act

NHS knuckle-rapped for lax data protection

By Siobhan Chapman, ComputerworldUK

The Information Commissioner’s Office (ICO) has issued more warnings to NHS bodies after five Trusts have been found to breach the Data Protection Act, with one trust leaving patient notes on a bus.

Advert

The latest warnings join a long list of data protection warnings by the NHS, as the ICO once again warned hospital trusts about the importance of data security. In February, three trusts were hit with enforcement action within two weeks.

Five trusts - Royal Free Hampstead, Chelsea and Westminster, Hampshire Partnership, Surrey and Sussex, and Epsom and St Helier — have signed formal undertakings to process personal data legally in future, the ICO said on Tuesday.

In most cases, the data breach involved the loss or theft of IT equipment that contained unencrypted data.

Royal Free Hampstead NHS Trust lost an unencrypted compact disk containing the 20,000 cardiology patients’ details.

An unencrypted memory stick was stolen from the Chelsea and Westminster Hospital Foundation trust, taking with it sensitive medical information of 143 patients. The Trust believes that the information was stolen from an unlocked office that was being used as a walk-in clinic.

In arguably the most shocking case, the ICO said Epsom and St Helier University Hospital NHS Foundation trust had been storing hospital records insecurely for two years following data being transferred between hospitals. A ward handover sheet, containing information relating to 23 patients in the care of Surrey and Sussex NHS trust, was found on a bus.

The same trust also reported the theft of two laptops, neither were encrypted.

A further laptop, also unencrypted, was stolen from an employee of the Hampshire Partnership NHS trust. The laptop held the personal data of 349 patients and 258 staff.

The NHS bodies have agreed to implement the appropriate security measures to ensure that personal details are properly protected by establishing physical safeguards, such as locking an office.

Sally-Anne Poole, head of enforcement and investigations at the ICO, said in a statement that the five cases should serve as a reminder to NHS bodies to keep patient data safe.

“Data protection must be a matter of good corporate governance and executive teams must ensure they have the right procedures in place to properly protect the personal information entrusted to them," she said in a statement.

"Failure to do so could result in patient information, including sensitive medical records and treatment details falling into the wrong hands."

Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!

« prev article | more security news | next article »

Advert

close

Email this article to a friend or colleague:




PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

close
  • This article is now being printed.
close

What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.


Characters remaining:

close

Click below to add 'Five NHS Trusts slammed by ICO for breaching Data Protection Act - Cybercrime & Hacking - ComputerworldUK' to your blog.



If you do not have a ComputerworldUK Account and would like to use this feature, please Register.

If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.

What is this?

Advert

WHITE PAPERS

  • Legal risks: Employee use of the internet and email
    Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees.
  • Phishing for victims
    This White Paper examines the phenomenon of phishing. It explains the potentially catastrophic threat it presents to all kinds of organisation. Exploding some widespread myths, it lights up the murky waters where phishing first emerged and where it continues to evolve. But it also highlights what your business can do to blunt the threat.
  • Challenges and opportunities of PCI
    The control framework implicit in the Payment Card Industry Data Security Standard (PCI DSS) provides an enterprise structure for improving operational, security, and audit performance.
  • Social CRM comes of age
    Who is this “social customer”? What strategies and tools does the new breed of CRM provide to do something about this?
  • Risk Management: Protect and Maximize Stakeholder Value
    What has held organisations back from a broader adoption of risk management programs?
*