We talked in one of our last posts about how often patient data is getting compromised these days. Just when we thought there won’t be another breach related to patient data, we are proved wrong! The following news item talks again about patient data loss and that too due to negligence of the staff at National Health Service (NHS) Trust.

It appears that NHS staff has been breaching the Data Protection Act (DPA) by posting private patient data and photographs on Facebook. Data breaches took place across the country between July 2008 and July 2011. Civil liberties group Big Brother Watch submitted Freedom Of Information requests which showed that there were 806 separate data breaches at 152 NHS trusts during the above mentioned period. The report states that more than 20 incidents of patient information was posted on social networking sites and 91 cases where NHS staff was caught viewing details of colleagues.

Consequence of the data breach

Around 100 staff members were dismissed due to breach of Data Protection policy.

What does the Director of Big Brother Watch have to say?

‘This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected.’

The above shows that data breaches in the NHS are proving to be a ‘major problem’. ”The information held in medical records is of huge personal significance and for details to be disclosed, maliciously accessed or lost represents serious infringements on patient privacy.”

He further added: “It is essential the NHS is transparent about these incidents and failing or refusing to disclose that a data breach has taken place is unacceptable.”

Big Brother Watch feels that the NHS does not have a robust data security policy in place to ensure patients’ privacy is protected. It is of the opinion that such cases are going to keep increasing as more and more NHS staff members are going to get access to the new computer database having patient information. This new database called ‘The Summary Care Record’ will provide GPs, hospital doctors and paramedics immediate data about patients, such as allergies or medications.

NHS guilty of data breaches. Patient data compromised

Incident at the Nottingham University Hospital NHS Trust

A member of medical staff took a photograph of a patient in bed and showed it to friends on the social networking site. Needless to say, the member was dismissed.

What is being said about tightening of data security?

Information Commissioner’s Office said: “We continue to work with organizations from across the NHS to improve the security of patients’ information and will consider taking action where it is clear that an organization has failed to meet its legal obligations.”

Health Minister Simon Burns added: “We have issued clear standards and guidance to the NHS about what needs to be done to keep patient records secure and confidential. Individual NHS organizations are responsible for ensuring their staff understand and follow that guidance.”

Hospitals can secure themselves with Alertsec

Organisations and hospitals, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.