Now They’Ve Managed to Lose Our Health Records
By Daniel Martin
THE confidential records of hundreds of thousands of NHS patients and staff have gone missing in the latest data loss scandal to hit the Government. Nine trusts admitted they have lost computer discs and memory sticks containing sensitive information during a Government-wide security review. It comes only weeks after a series of high-profile data security incidents, including the loss of details of 25million child benefit claimants.
The Department of Health said there was no proof that any of the data had fallen into the wrong hands. But campaigners said the security breaches mean the Government should scrap plans for a centralised computer network containing all NHS records. Tory health spokesman Steve O’Brien said: ‘The Government is obsessed with the idea of databasebuilding but they are not prepared to put in the essential security. ‘I hold the Government responsible for this.
Having large central databases is a problem because there is the risk of a major security breach.’ He added: ‘People are going to be very worried about this and they are right to be. It’s another example of the incompetence of this Government.’ Joyce Robins from Patient Care described the data loss as a ‘scandal’ and ‘the tip of the iceberg’. She told the BBC: ‘Every week we hear of a new one. ‘Health records can have anything from your ex-directory phone number to your HIV status. ‘Given the carelessness and lack of accountability in the NHS, this could be the end of patient confidentiality. It may be only a matter of time before records fall into the wrong hands.’
Nine trusts in all have admitted to breaches of data security – and only one has recovered the records it lost. At Norfolk and Norwich university hospitals trust, a member of staff is being disciplined after summary sheets from wards were found in a household wheelie bin. The papers contained names, numbers and information about patients’ conditions. City and Hackney primary care trust is believed to have lost the names and addresses of 160,000 child patients after a disc failed to arrive at St Leonard’s Hospital in East London. Sutton and Merton PCT in London has also admitted losing data, as have Gloucester Partnership Trust, Bolton Royal Hospital, Mid- Essex PCT and Maidstone and Tunbridge Wells NHS Trust.
The East and North Hertfordshire trust reported a loss – but has since found the missing data. A spokesman for the Department of Health said he did not have details on how many people were affected by the breaches because they were being dealt with locally. ‘Since the recent heightened concern about data protection, a small number of trusts – nine – have reported breaches of their own security rules,’ he said. ‘There are strict guidelines and procedures for dealing with such breaches. Trusts have an obligation to inform patients where appropriate. ‘Investigations are underway in all the trusts involved and action will be taken against anyone who has failed to fulfil their legal responsibilities.’
But Richard Vautrey, deputy chairman of the British Medical Association’s committee of GPs, said the Government was not serious enough about data security. Patients need to be absolutely confident that the information that is held securely cannot be lost in some haphazard way as appears to be the case,’ he told the BBC. He said the development was particularly worrying given the Government’s plans for a centralised NHS computer network, called Connecting for Health. LibDem health spokesman Norman Lamb added: ‘The whole culture of data management in the public sector has to change. Organisations and staff must understand that this sort of important data must be protected at all costs.’
The chief executive of the NHS, David Nicholson, recently wrote to trust chief executives reminding them of the importance of keeping data secure. Police are still searching for two computer discs containing the names, addresses, dates of birth and bank account details of every child benefit claimant in the country. They were lost in the post by Revenue and Customs in November this year. It is one of at least seven data security breaches at the department over the last few months. These also included the loss of information contained in a stolen laptop, and one instance where confidential waste fell off the back of a lorry. It also emerged last week that information on 6,500 customers of pension provider Countrywide Assured had gone astray.
The details of three million learner drivers have also been lost, after being sent to the U.S. A spokesman for campaign group NO2ID said: ‘We are now starting to see the consequences of the Government obsession with information “sharing” and centralised IT in the NHS. ‘If you care about your privacy then keep your medical records between you and your doctor.’ Comment – Page 14
SEP 2007 Details of 15,000 people go missing after HM Revenue and Customs (HMRC) sends them to insurer Standard Life.
Data on 400 savers also lost when HMRC laptop is stolen.
OCT 18 Two CDs containing unencrypted details of 25million child benefit claimants lost when being sent – unregistered and not recorded – through the post by junior HMRC official to National Audit Office.
DEC 11 Vehicle licensing staff admit losing personal details of 7,685 drivers in Northern Ireland when two uncoded discs sent in post get lost at Parcelforce sorting centre in Coventry.
DEC 17 Transport Secretary Ruth Kelly admits personal details of three million learner drivers lost by the DVLA after a computer goes missing in the American state of Iowa.
DEC 19 HMRC admits losing personal details of 6,500 private pension holders. Officials lost a computer cartridge containing names, postcodes and National Insurance numbers at a centre in Cardiff.
DEC 23 Nine NHS trusts admit losing data of hundreds of thousands of patients, including loss of 160,000 children’s names and addresses by City and Hackney Trust, after a disc failed to arrive at an east London hospital.
THE GUILTY NHS TRUSTS
City and Hackney – Bolton Royal Hospital – Sutton and Merton – Sefton Merseyside – Mid-Essex Care Trust – Norfolk and Norwich – Gloucester Partnership Foundation Trust – Maidstone and Tunbridge Wells – East and NorthHertfordshire
(c) 2007 Daily Mail; London (UK). Provided by ProQuest Information and Learning. All rights Reserved.