NHS patient letters meant for GPs went undelivered for years
Yep, half a million
The NHS has been accused of covering up a large data loss involving the loss or mislaying of more than half a million pieces of confidential information.
Confidential medical correspondence – including test results, diagnoses and treatment plans – between GPs and hospitals went undelivered during the five years from 2011 to 2016, The Guardian reports. The problem arose because the firm tasked with arranging the delivery of internal NHS correspondence mistakenly stored it in a warehouse.
A total of 708,000 items of correspondence were undelivered, 200,000 of which covered change of address forms and are therefore of great importance. The NHS has put together a team to assess the impact of the systematic blunder, The Guardian adds.
Tony Pepper, co-founder and chief exec of data security company Egress, said the NHS's reliance on paper records is partly to blame for the systematic screw-up.
"[This} raises new questions about why the NHS is still relying on physical data records," Pepper said. "Just this month Jeremy Hunt admitted that the original target of a paperless NHS by 2018 was unlikely to be met, but given what we know now, perhaps that needs to be revisited again?"
"Physical data is inherently less secure than digital - it's difficult to trace, goes missing easily and is often open to interference. While digital records have their own set of challenges, with the right foresight and security and compliance mechanisms in place, it's far less likely to go missing or be subject on this scale to the same issues of human error," he added.
It's not immediately clear whether or not what happened falls under the remit of data privacy watchdogs at the ICO, partly because the mislaid or lost information was on paper rather than handled digitally. We've put in a query asking whether the ICO will be looking into the matter. We'll update this story as and when we learn more. ®
Sponsored: Becoming a Pragmatic Security Leader