NHS trust loses 21,000 patient details on laptop

A hospital trust has lost an unencrypted laptop containing details of thousands of patients.

The Information Commissioner's Office (ICO) will investigate whether Colchester Hospital University NHS Foundation Trust breached the Data Protection Act when it failed to encrypt 21,000 patient details.

The laptop, containing patient names, dates of birth, postcodes and treatment details, was stolen from the car of a Colchester trust manager.

The manager has been suspended following the theft on 18 June. Trust chief executive Peter Murphy has admitted the laptop should have been encrypted.

The Department of Health recently revealed it would take at least six months for trusts to complete encryption of all machines.

The Colchester hospital trust refused to confirm how much other patient data it held was unencrypted, citing "security reasons".

Despite this, Murphy said in a letter that patients should be reassured that "the trust takes security and patient confidentiality very seriously".

Murphy told patients in a letter: "The trust offers all affected patients its sincere apologies for putting their confidential information at risk."

Murphy added that there is a "very small chance that patient details can be accessed" and that the trust believes "the data will almost certainly by wiped by the thief".

The ICO took enforcement action against Marks & Spencer in January for breaching the Data Protection Act by failing to encrypt staff information on a stolen laptop.