Original URL: https://www.theregister.com/2010/06/16/nhs_ico_dataloss/

NHS still rubbish at caring for data

ICO warns, again. Surely that'll work this time

By John Oates

Posted in Legal, 16th June 2010 06:02 GMT

The Information Commissioner's Office has again warned the NHS that it is not doing enough to safeguard patients' data.

This week's featured failures come from Stoke-on-Trent and Basingstoke and North Hampshire. NHS Stoke lost 2,000 paper physiotherapy files, and is not sure if they were destroyed or simply filed in the wrong place.

Basingstoke managed to lose an Excel spreadsheet containing 917 pathology results - emailed from an insecure address. The sheet was not password-protected and the receiving department had no need for such a large quantity of medical records.

Both organisations have promised to try harder in future, and their chief executives have signed letters to that effect.

Mick Gorril, head of enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS.

"Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information."

A quarter of all data breaches which are reported to the ICO come from the NHS. ®