Unencrypted data goes walkabout… again
The UK privacy watchdog has criticised lax NHS data security as it announced it is taking action against a London hospital where two laptops were stolen.
The Information Commissioner's Office yesterday announced it is taking enforcement action against Brent Teaching Primary Care Trust after two laptops were stolen last month.
The laptops containing the unencrypted details of 389 patients, including some medical details, were taken from a locked office in Central Middlesex Hospital on 14 January.
The ICO has required Brent PCT to sign a formal undertaking to encrypt all portable and mobile devices used to transmit personal information and to train staff in data security.
silicon.com Public Sector
Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!
Mick Gorrill, assistant information commissioner at the ICO, said in a statement: "I am increasingly concerned about the way some NHS organisations are transferring sensitive records onto laptops and other mobile devices that are not encrypted.
"Organisations need to ensure they implement appropriate safeguards to ensure personal details about patients are processed securely."
Brent PCT said it now provides laptop locks and encrypts data on laptop hard disks, prevents staff from downloading to portable devices, and has reminded staff of their responsibilities for data security.
CEO of Brent PCT Mark Easton said in a statement: "NHS Brent has made huge progress to date, and I am keen to ensure that the IT infrastructure meets our needs and that our staff are updated regularly on their individual responsibilities."
Last month the ICO also took enforcement action against Abertawe Bro Morgannwg University NHS Trust and Tees, Esk and Wear Valleys NHS Foundation Trust for breaching the Data Protection Act.
An unencrypted laptop containing the sensitive personal data of approximately 5,000 patients, including some health records, was stolen from the Abertawe Bro Morgannwg University NHS Trust.
While at Tees, Esk and Wear Valleys NHS Foundation Trust an unencrypted memory stick containing sensitive personal information relating to patients and staff was lost.
In September last year silicon.com found that as many as 29 million people had had their records lost by Whitehall departments and other public sector bodies over the past 12 months.