Four more NHS organisations breach DPA30th April 2009
A hospital trust has been told to tighten security after a memory stick with medical details of 741 patients on it went missing.
As a result of the incident, Cambridge University Hospital NHS Foundation Trust, which runs Addenbrooke's Hospital, was found to be in breach of the Data Protection Act.
The unencrypted memory stick, which was left in an unattended vehicle, was later returned to Addenbrookeâ€™s by a car wash attendant who discovered it, said the Information Commissionerâ€™s Office (ICO).
Three other health trusts have also breached the act.
Central Lancashire Trust lost an encrypted memory stick with details of 6,360 prison patients of HMP Preston; the North West London Hospitals Trust reported the theft of computers containing the details of test results of 361 patients; and Hull and East Yorkshire Hospitals Trust reported the loss and theft of computers containing details of 2,300 patients.
ICO assistant information officer Mick Gorrill said: "These four cases serve as a stark reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security.
"In these latest cases staff members have accessed patient records without authorisation and on occasions, have failed to adhere to policies to protect such information in transit."
Addenbrooke's Hospital said that as the information on the memory stick was only looked at by the car wash attendant, the Trust was satisfied that patient confidentiality was not compromised.
All four trusts have now signed formal undertakings that they will process personal information in line with the Data Protection Act.
Share this page
There are no comments for this article, be the first to comment!
Post your comment
Only registered users can comment. Fill in your e-mail address for quick registration.