NHS 'loses' thousands of medical records

Exclusive: Information watchdog orders overhaul after 140 security breaches in just four months

The personal medical records of tens of thousands of people have been lost by the NHS in a series of grave data security leaks. Between January and April this year, 140 security breaches were reported within the NHS – more than the total number from inside central Government and all local authorities combined.

The sacred principle of doctor-patient confidentiality is being compromised, Richard Thomas, the Information Commissioner, has warned. Britain's information watchdog has ordered an urgent overhaul of data security in the health service.

Some computers containing medical records have been left by skips and stolen. Others were left on encrypted discs – but the passwords allowing access were taped to the side.

In an interview with The Independent, the Information Commissioner's chief enforcer blamed the growth of a "cavalier attitude" among NHS workers across Britain for the exposure of the sensitive records.

Mr Thomas has written to the Department of Health's top civil servant, Hugh Taylor, demanding immediate improvements to the lax treatment of personal data within the NHS.

He plans to send in a crack team of inspectors to examine how data is protected by hospitals and medical workers across Britain. Over the last six months, the watchdog has been forced to take action against 14 NHS institutions for breaching data regulations.

One GP downloaded a complete patient database, including the medical histories of 10,000 people, on to an unsecured laptop. The laptop was then stolen from his home and never retrieved. In another embarrassing breach, a memory stick containing the medical histories of 6,360 prison patients and ex-inmates of Preston prison was lost. Though the data was encrypted, the password was written on a Post-It note that was attached to the device.

Camden Primary Care Trust was also found guilty of a major security breach after old computers, containing the names, addresses and medical notes of 2,500 patients, were dumped beside a rubbish skip near St Pancras Hospital last summer. The computers, which were not encrypted, were stolen and never recovered.

The Department for Health has already responded by issuing an urgent plea to hospital managers to arrest the data breaches being committed by doctors, nurses, security and management staff.

It has reminded them of rules on encrypting private patient data and those on transferring files.

Mick Gorrill, the assistant Information Commissioner in charge of enforcement, told The Independent that a number of "inexcusable" data losses within the NHS had become a cause of "great concern".

"Medical history is very sensitive personal data, which is likely to cause harm or distress. The law dictates they must keep this information confidential, but the NHS is by far the biggest offender within the public sector," Mr Gorrill said.

"There needs to be a recognition that this information affects real people and can cause real harm if lost. Just as workers would never disclose information they had been told by a patient, they should also treat information in exactly the same way."

He added: "There is a complete disconnect between the procedures laid down by managers and what happens on the ground. We need a complete audit to try to change the culture."

He warned that while the loss of the data caused obvious distress among people who expected their medical details to be kept secret, there was also a market for the data.

"We know that some insurance companies already hire private detectives to find out medical histories," he said. "This information could do a lot of damage to many people if it fell into the wrong hands."

NHS bodies soon face substantial fines for breaches under new powers to be handed to the Information Commissioner's Office (ICO) by the end of the year. "We would not want to impose a fine as they have better things to spend their money on. But in some of these incidents, we would have little choice," Mr Gorrill said.

"For example, a man who has had cancer or a vasectomy may have only told close family. To think that is lost and in the public domain would cause obvious distress. We need to change the cavalier attitude to data of a Facebook generation."

Michael Summers, vice-chair of the Patient's Association, said that the action from the Mr Thomas was long overdue as patients had been expressing concerns over the loss of their personal data for years.

"It is a bit late as no one has been taking responsibility for sorting this out," he said. "Patients have grown up with the idea that what they tell their GP will not be divulged. These data losses totally undermine that, causing great worry to many people."

A spokesman for the Department of Health said that Mr Taylor, the permanent secretary at the department, would be replying "in due course" to Mr Thomas's concerns. He said that action would be taken "against anyone responsible for breaching our strict data protection rules".

The spokesman added: "The Chief Executive of the NHS wrote to all senior health managers reminding them of their responsibilities.

"The Department is also providing, through the National Programme for IT, electronic patient records systems that are protected by the highest levels of access controls and other security measures, a secure NHS network for exchanging information that is centrally monitored and strongly protected and secure NHS email facilities that encrypts all data in its system."

The number of data security breaches within the NHS was only slightly lower than the total number of security breaches reported to the Information Commissioner from within the entire private sector. Stolen and lost hardware was the most common reason for information disappearing.

Privacy emergencies: NHS security breaches

*Computers containing the names, addresses and medical notes of 2,500 Camden Primary Care Trust patients were left beside a skip at St Pancras hospital, London. The computers, which were not encrypted, were stolen and never recovered.

*Medical details of 6,360 inmates and former inmates at Preston prison were lost after a memory stick was taken outside the grounds and went missing. The date was encrypted, but the password had been helpfully written on a note taped to the device.

*Cambridge University Hospital lost an unencrypted memory stick carrying treatment details of 741 patients was taken away in a staff member's car. The stick was found by a car wash worker who worked out who the device belonged to after accessing it.

*The unencrypted medical histories of 2,300 cancer patients were compromised by Hull & East Yorkshire Hospitals NHS Trust after the theft of a desktop computer and a laptop.

*Two laptops were stolen from Central Middlesex hospital, and a desktop computer from nearby Northwick Park hospital, after the card security system was disabled for maintenance. Test results of 361 patients were lost. The details were encrypted.

Start your day with The Independent, sign up for daily news emails
Have you tried new the Independent Digital Edition apps?
ebooksA celebration of British elections
Ed Miliband and David Cameron are neck and neck in the polls
election 2015Armando Iannucci: on how British politics is broken
Life and Style
Great minds like Einstein don't think alike
Arts and Entertainment
Billie Piper as Brona in Penny Dreadful
tvReview: It’s business as usual in Victorian London. Let’s hope that changes as we get further into the new series spoiler alert
Life and Style
A nurse tends to a recovering patient on a general ward at The Queen Elizabeth Hospital in Birmingham
Arts and Entertainment
No Offence
tvReview: No Offence has characters who are larger than life and yet somehow completely true to life at the same time spoiler alert
Chuck Norris pictured in 1996
Arts and Entertainment
Sarah Lucas, I SCREAM DADDIO, Installation View, British Pavilion 2015
artWhy Sarah Lucas is the perfect choice to represent British art at the Venice Biennale
A voter placing a ballot paper in the box at a polling station
  • Get to the point
2015 General Election

Poll of Polls

Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs General

Ashdown Group: IT Support Engineer - Leeds

£22000 - £25000 per annum: Ashdown Group: IT Support Engineer - Leeds This i...

SThree: Trainee Recruitment Consultant - Bristol

£18000 - £23000 per annum + Uncapped OTE: SThree: SThree Trainee Recruitment C...

SThree: Trainee Recruitment Consultant - Birmingham

£18000 - £23000 per annum + Uncapped OTE: SThree: SThree Trainee Recruitment C...

SThree: Trainee Recruitment Consultant - Dublin

£13676.46 - £16411.61 per annum + OTE: SThree: SThree Trainee Recruitment Cons...

Day In a Page

General Election 2015: Ed Miliband's unlikely journey from hapless geek to heart-throb

Miliband's unlikely journey from hapless geek to heart-throb

He was meant to be Labour's biggest handicap - but has become almost an asset
General Election 2015: A guide to the smaller parties, from the the National Health Action Party to the Church of the Militant Elvis Party

On the margins

From Militant Elvis to Women's Equality: a guide to the underdogs standing in the election
Amr Darrag: Ex-Muslim Brotherhood minister in exile still believes Egypt's military regime can be replaced with 'moderate' Islamic rule

'This is the battle of young Egypt for the future of our country'

Ex-Muslim Brotherhood minister Amr Darrag still believes the opposition can rid Egypt of its military regime and replace it with 'moderate' Islamic rule, he tells Robert Fisk
Why patients must rely less on doctors: Improving our own health is the 'blockbuster drug of the century'

Why patients must rely less on doctors

Improving our own health is the 'blockbuster drug of the century'
Sarah Lucas is the perfect artist to represent Britain at the Venice Biennale

Flesh in Venice

Sarah Lucas has filled the British pavilion at the Venice Biennale with slinky cats and casts of her female friends' private parts. It makes you proud to be a woman, says Karen Wright
11 best anti-ageing day creams

11 best anti-ageing day creams

Slow down the ageing process with one of these high-performance, hardworking anti-agers
Juventus 2 Real Madrid 1: Five things we learnt, including Iker Casillas is past it and Carlos Tevez remains effective

Juventus vs Real Madrid

Five things we learnt from the Italian's Champions League first leg win over the Spanish giants
Ashes 2015: Test series looks a lost cause for England... whoever takes over as ECB director of cricket

Ashes series looks a lost cause for England...

Whoever takes over as ECB director of cricket, says Stephen Brenkley
Fishing for votes with Nigel Farage: The Ukip leader shows how he can work an audience as he casts his line to the disaffected of Grimsby

Fishing is on Nigel Farage's mind

Ukip leader casts a line to the disaffected
Who is bombing whom in the Middle East? It's amazing they don't all hit each other

Who is bombing whom in the Middle East?

Robert Fisk untangles the countries and factions
China's influence on fashion: At the top of the game both creatively and commercially

China's influence on fashion

At the top of the game both creatively and commercially
Lord O’Donnell: Former cabinet secretary on the election and life away from the levers of power

The man known as GOD has a reputation for getting the job done

Lord O'Donnell's three principles of rule
Rainbow shades: It's all bright on the night

Rainbow shades

It's all bright on the night
'It was first time I had ever tasted chocolate. I kept a piece, and when Amsterdam was liberated, I gave it to the first Allied soldier I saw'

Bread from heaven

Dutch survivors thank RAF for World War II drop that saved millions
Britain will be 'run for the wealthy and powerful' if Tories retain power - Labour

How 'the Axe' helped Labour

UK will be 'run for the wealthy and powerful' if Tories retain power