NHS still leaking data like a sieve

In the past few years the NHS has been notorious for its data leaks and it seems the situation is not improving. Over the first quarter of this year the NHS has been accused of losing almost as much personal data as the entire private sector.

Since January the Information Commissioner has logged over 140 breaches in security by the NHS, exceeding all other government losses, both local and central combined and has emerged as the public sectors main source of data loss. Typical examples of the leaks include:

• Loss of an encrypted and password-protected memory stick containing medical details of over 6,000 prisoners with the access details written on a label attached to the stick.

• Persons unknown scavenged old NHS computers that were dumped in a skip. The machines had not been scrubbed and still had the names, addresses and medical notes of 2,500 people on their hard disks.

• A unsecured laptop stolen from a GP and still missing, contained downloaded details of 10,000 patients.

As The Independent newspaper reported yesterday, the Information Commissioner Richard Thomas said of the leaks, NHS workers are showing a "cavalier attitude" and that there is a "there is a complete disconnect between the procedures laid down by managers and what happens on the ground. We need a complete audit to try to change the culture."

In a letter to Hugh Taylor, the Department of Health Permanent Secretary, Mr Thomas has demanded immediate improvements to the sloppy treatment of personal data by the NHS.

Perhaps the biggest problem facing the NHS when trying to enforce security is its sheer size. While it is perhaps inevitable that storage hardware containing sensitive information will continue to go missing it should at least be securely encrypted.

(trk)