Warning issued after DPA breached by five trusts16th July 2009
NHS bodies have received a warning from the Information Commissioner’s Office about the importance of protecting data after it emerged that another five trusts had breached the Data Protection Act.
The breaches were made by The Royal Free Hampstead, Chelsea and Westminster Hospital and Epsom and St Helier University Hospital in London and Surrey and Sussex Healthcare and Hampshire Partnership in the south east.
The trusts involved have now signed an undertaking to abide by particular aspects of the Data Protection Act to avoid enforcement action.
It commits them to ensuring all portable devices used encrypted software to current standards, that physical security measures are adequate enough to prevent unauthorised access and that their staff adhered to policies which cover the storage and use of personal data.
The warning comes after the Royal Free took more than five months to report the loss of an unencrypted CD containing patients’ medical details while the breach at Surrey and Sussex involved a ward handover sheet being left on a bus.
Chelsea and Westminster had an unencrypted USB memory stick containing patient details stolen from an unlocked office, a staff member from the Hampshire Partnership NHS Trust had a laptop stolen at a London healthcare conference and Epsom and St Helier stored hospital records insecurely for nearly two years.
Sally-Anne Poole, head of enforcement and investigations at the ICO, said: “These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security.”
Share this page
There are no comments for this article, be the first to comment!
Post your comment
Only registered users can comment. Fill in your e-mail address for quick registration.
Title: Warning issued after DPA breached by five trusts
Author: Mark Nicholls
Article Id: 12169
Date Added: 16th Jul 2009