Five NHS bodies breach Data Protection Act

The ICO finds five NHS bodies recently breached the Data Protection Act, as the health service is called on to up its security game.

Security

The Information Commissioner's Office (ICO) has called on the NHS to do more to protect patient information, following a slew of breaches at the health service.

The ICO discovered five health organisations had breached the Data Protection Act, all of which had not taken "appropriate steps" to secure sensitive personal information."

Information commissioner Christopher Graham said the NHS needed to initiate a "culture change" if security was to be improved.

"Recent incidents such as the loss of laptops at NHS North Central London - which we are currently investigating - suggest that the security of data remains a systemic problem," Graham said.

"The policies and procedures may already be in place but the fact is that they are not being followed on the ground."

In one of the five breaches discovered by the ICO, Ipswich Hospital NHS Trust lost 29 patient records after a member of staff took them home to update a training log and then misplaced them.

In another, Dunelm Medical Practice in Durham sent discharge letters about two patients' routine operations to the wrong recipient, after an employee entered the fax number incorrectly.

The NHS has suffered numerous data breaches in the past, losing devices in public spaces such as a car park and a bus stop.

Reports last month indicated an NHS laptop containing 8.6 million medical records had gone missing.

"We fully support the information commissioner's call for improvement in local NHS practice in relation to preserving patient confidentiality," a Department of Health spokesperson said.

"There is absolutely no excuse for breaches leading to the loss of sensitive and personal data. Encrypting information held on portable devices such as laptops and memory sticks is just as important as avoiding public conversations about patients' details."

The NHS has signed a deal with Zscaler to implement at cloud security product within the health service, IT Pro revealed last week.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

ICO launches AI risk assessment toolkit for businesses
Information Commissioner

ICO launches AI risk assessment toolkit for businesses

21 Jul 2021
What is the Information Commissioner’s Office (ICO)?
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Jul 2021
NHS adopts predictive AI tech from controversial startup
public sector

NHS adopts predictive AI tech from controversial startup

26 Apr 2021
NHS to digitise coronavirus testing with new Scandit deal
digital transformation

NHS to digitise coronavirus testing with new Scandit deal

8 Apr 2021

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021