NHS trust loses patient data on memory stick

A hospital trust has admitted losing a memory stick with the confidential details of hundreds of patients on it.

Surrey and Sussex Healthcare NHS Trust reported the breach to the Information Commissioner's Office (ICO) shortly after the unencrypted memory stick was lost late last year.

An ICO spokeswoman said: "After investigating the breach, the ICO warned the organisation that their policy covering the storage and use of personal data must be followed by staff and the trust must make sure their staff are appropriately trained on how to follow it.

"The trust was also warned that any repetition of such an incident may result in formal regulatory action."

It emerged yesterday that Dartford and Gravesham NHS Trust had accidentally destroyed 10,000 archived records and failed to realise its mistake until three months later.

The records, which should have been kept in a dedicated storage area, were put in a disposal room due to a lack of space and then destroyed by mistake between December 28 and 31 last year, the ICO said.

Michael Wilson, chief executive of Surrey and Sussex Healthcare NHS Trust, said the member of staff involved has been disciplined and received further training.

He added: "I would like to reassure patients that we take the confidentiality of patient information extremely seriously.

"The memory stick in question was lost last September, before I joined the trust, when the trust's policy was that all staff should always use encrypted memory sticks when transferring patient data.

"It is regrettable that this didn't happen on this occasion and since then we have put in place new measures that mean that now only encrypted memory sticks can be used with trust computers.

"We have not been informed that the data on the stick has been passed to or found by any third parties."