01.07.11
Growing threat from NHS data breaches
The Information Commissioner has called a meeting with NHS chief executive Sir David Nicholson to discuss the millions of personal medical records lost by health service trusts and hospitals.
The commissioner, Sir Christopher Graham, said he will impose fines of up to £500,000 to counter what he called a “disturbing” culture in the health service.
He told The Independent newspaper: “There’s just too much of this stuff going on. The senior management is aware of the challenge but the breaches continue. Whether it’s a systemic problem in the NHS or an epidemic we have got to do something about it.
“Health service workers look after their patients very carefully but don’t always look after their data very carefully.”
He said there was a “market” in unlawfully obtained personal data because there were people willing to pay, including tabloid journalists, lawyers, scammers, and the insurance industry.
He called for an increase in the penalties imposed in such cases, brought under section 55 of the Data Protection Act, telling the newspaper: “It’s a much wider problem and we do need some tougher penalties because the courts don’t seem to regard it as a terribly serious offence.”
NHS organisations with recent data security issues include Ipswich Hospital NHS Trust, a medical practice in Durham, East Midlands Ambulance Service NHS Trust, Lancashire Teaching Hospitals NHS Foundation Trust and Basildon and Thurrock NHS Trust.
The Information Commissioner is also investigating how the NHS North Central London Trust managed to lose a laptop containing an estimated 8.3m patient records.
He has written to Sir David to warn him that a period of reform in the NHS represented a “moment of maximum risk” of further data breaches.
Tell us what you think – have your say below, or email us directly at [email protected]