Researchers have revealed almost 10,000 NHS patients records were reported either missing or lost during the last financial year.
The NHS misplaced 9,132 patient records during 2017/18 - with University Hospital Birmingham alone reporting 3,129 records as missing or lost, according to a Freedom of Information (FOI) request carried out by Parliament Street across 68 trusts.
This was followed by Bolton NHS Trust, which was unable to locate 2,163 records, and University Hospital Bristol, reporting 1,105 misplaced records - although the vast majority of these (1,075) were found at a later date.
Of the trusts contacted for Parliament Street's latest report 'NHS Data Security: Protecting Patient Records' just 24% said they had reported zero incidents of misplaced records in the last financial year.
Missing or lost records generally include those requested by patients within a certain time frame, and not delivered, as well as records that were reported but eventually found at a later date.
West Suffolk NHS Foundation Trust, meanwhile, specifically reported a patient list as stolen - despite using Cerner Millennium as a platform to hold data, the researchers said.
"Data and security is a vital element for the NHS, not just to protect the data they hold, but to continue to have public trust in the system and keep their confidential data secure," the report said.
"With nearly 10,000 patient records reported as missing in the last year, it's clear that much more needs to be done to protect the identity and integrity of patient documents.
The researchers also learned 94% of trusts still use handwritten notes to record patient data; underlining the scale of the digital transformation challenge the healthcare system faces.
To mitigate the risks of losing patient records the think tank recommended the NHS abolishes handwritten notes in hospitals altogether and introduces a patient identity protocol to ensure all data is properly captured and stored electronically.
Handwritten notes, according to Parliament Street, are "no longer fit for purpose" given that different handwriting styles can be misinterpreted - and said the NHS should work towards recording patient data via tablets or mobile devices.
NHS Digital has already made good progress on ditching paper referrals, recently reporting that 47 hospitals and 2,479 GP practices have switched to a new e-Referral Service (e-RS) - with all acute hospital trusts across the north of England switching to the service ahead of the 1 October deadline.
The concept of a patient ID, meanwhile, is one NHS Digital is already working on, according to its lead on Citizen ID Adam Lewis, with the healthcare system's digital arm considering using 'video selfies' as a potential one-time verification tool.
NHS Digital will start testing the 85 million system on private beta imminently, with a public beta starting towards the end of the year, or early 2019.
"It is important that patient processes are improved, so a patient identity protocol could help raise standards across NHS Trusts, ensuring all information is properly captured and stored digitally," the report continued.
"This would greatly increase the security and privacy protection for patients."
IT Pro approached NHS Digital for comment but was redirected to the Department for Health and Social Care (DHSC).
An ICO spokesperson said: "The health sector handles some of the most sensitive personal data, and patients have the right to expect that information will be looked after.
"The ICO has a range of resources and guidance specifically aimed at the health sector and we work closely with the NHS on data protection.
"There are a range of tools at our disposal to encourage compliance with the Data Protection Act, from advice and audits to enforcement action and criminal prosecutions. However, individuals and organisations must themselves take ultimate responsibility for obeying the law."
