17.06.14
NHS patient information lost in data breach
Thousands of NHS patients may have been affected by a number of data breaches, dating back to June 2013, at Birmingham-based Diagnostic Health Systems.
The BBC has reported that patient data was stored unencrypted by the private firm, which carries out ultrasound scans for the NHS.
The Care Quality Commission (CQC) had been notified about the breaches last year by a whistleblower from Stafford and Surrounds CCG, which commissioned services from Diagnostic Health Systems.
Once notified, the Information Commissioner's Office (ICO) carried out an audit, with consent given by Diagnostic Health Systems. But, as ICO audits of private firms are conducted on a "consensual" basis, the firm requested that the audit summary for the report not be published online.
However, a leaked copy of the report, seen by the BBC, revealed that staff at the company shared the same password to access files on a web-based storage account.
Additionally, GP referrals were being emailed directly to staff inboxes, while there was no audit trail of who accessed the system. And at the time of the ICO report, the company was unable to delete personal data from an ex-consultant's laptop.
An ICO spokesperson told NHE: “We have limited compulsory audit powers and so the vast majority of audits require consent. It is important that organisations are able to engage with us constructively during the audit planning process and we therefore commit to not releasing details of the report until the executive summary is published.
“Following our audit with Diagnostic Health Systems, we provided recommendations advising the organisation on the improvements it should make to the way it handles personal information. These recommendations are being acted upon and we are happy with their progress so far.”
It had been reported that, as recently as December, the CQC said Diagnostic Health's record systems were still not compliant.
But Jonathan Leonard, from Diagnostic Health, told the BBC the firm had conducted a full review with commissioners. “We have worked transparently with our NHS commissioning client throughout the process and can confirm that they are satisfied with all steps taken moving forwards,” he said.
“As a result, our lead commissioner has confirmed that they are once again happy for us to resume providing services for their patients and others are in the process of agreeing the same.”
Stafford and Surrounds CCG confirmed that it believed Diagnostic Health was now compliant. However, the company has not yet begun providing scans in Staffordshire again.