Patient data breached five times a week. Do you trust the NHS?

by , Computing Editor Consumer Rights 31 October 2011

The foundation of the doctor/patient relationship is trust, but it seems you can’t say the same of the NHS in this digital age. Patient data is apparently leaked five times a week – staff need to take extra care with technology.

According to Freedom of Information Act requests by Big Brother Watch, there were 806 incidents over the last three years where the laws protecting the privacy of patient records were breached.

Breaches included 23 instances of patient information being posted on a social network, 91 incidents of staff looking up colleagues’ details, while 24 NHS trusts saw confidential information stolen, lost or left behind by staff.

It isn’t hard to believe. A quick search on Google reveals a catalogue of past data breaches. In September 2010, for example, The Surrey and Sussex Healthcare NHS Trust lost 800 patient records on an unencrypted data stick.

Technology isn’t to blame for data breach epidemic

The head of strategic relations at the Information Commissioner’s Office (ICO), Jonathan Bamford, has previously said that the number of NHS data breaches is a ‘cause for concern’.

In the same speech Bamford said that health care professionals often fail to realise how technology can endanger patient privacy. My question is why?

My doctor is privy to a host of information about me and also happens to have kids at the same school as mine (I often blush when we exchange “hellos” at the school fete) but she’d never dream of sharing this information with other parents. Nor should she.

It’s laughable that any NHS staff member could think it acceptable to publish patient records on a social network like Facebook. A lack of tech nous is no excuse – there are few who are ignorant of the public nature of Facebook.

Speaking at a previous health care conference, Bamford summed up the situation well:

‘The same people who wouldn’t dream of chatting about patient information […] down the curry house on a Friday evening, are the very same people who are losing memory sticks with lots of information on it.’

Is dismissal part of the cure for NHS data breaches?

Of the 800 incidents discovered, just 102 cases resulted in staff dismissal. So should more NHS staff be sacked if they’ve been found guilty of breaching patient data?

In a survey of over 1,000 UK patients, 87% said NHS managers should be sacked or fined if they knew of potential data risks and failed to act on them.

It may sound radical, but I’m also inclined to agree with the 97% who said that NHS managers should have a ‘legal and ethical duty to protect their data’.

If they don’t accept this responsibility then the net result could be a loss of trust in the NHS and those who work for it. Were that to happen, I’d consider it a medical emergency.

16 comments

wavechange

This is not good but I doubt that anyone dies as a result of such carelessness. I think the main focus needs to be on keeping people alive and healthy.

julieshrive

I suspect the above may be one of those responsible judging by questionable attitude. In late 60′s before Thatcher’s Cuts I had research to find why I had chronic UTIs. 3 weekly waiting 5 hrs to access medication. It was found I had spina bifida occulta plus numerous other associated conditions which have since been ignored. The notes were returned to me [legal?] along with numerous appts wound up by the administration. Since then the condition has been ignored. Consequently I had a cardiac arrest where I died 3x so suspect false economy.

UK biggest sceptic?

Well how about this, I have children at the same school as my midwife’s children, the midwife’s oldest child (of about 9yrs old) was telling my eldest daughter only last week about the circumstances over us leaving the last place we lived at (which were grossly exaggerated but with an element of truth that only the midwife knew), and personal details over my medical condition. If I complain I’ll be disallowed from having a home birth, so I can’t do anything about it until the baby has been born, in the meantime this woman is going around telling god knows who, god knows what, about me and my family and to make it worse, only a tiny bit of it is accurate…

maryofdungloe

Why on earth would snitching on the midwife stop you from having your baby at home?

You are allowed to have your baby where and when you see fit, surely?

Unless there are complications in your pregnancy I can’t see why you shouldn’t give birth at home.

with held

I work in the NHS and I can tell you that the leaks are just the tip of the iceberg. 99% of patient data breaches are covered up by overpaid incompetent managers, and illiterate staff.

Dave "

Hi UK biggest sceptic, You should complain not only to seek appropriate action against the midwife but to stop her other patients suffering similar problems. Telephone your Primary Care Trust for guidance on lodging your complaint to them. You can also complain separately to the Nursing and Midwifery Council which regulates those professions and has the authority to stop nurses and midwives from practising where appropriate.

Fath

Funny how other people have access to our records, yet we cannot as yet see our own records. I signed up for this nearly 2 years ago & I am still waiting – we were told System One was needed, this is now available but GPs are still reluctant to allow us to see them.

Phil James

I have worked in the National Programme for IT since its inception (and previously in the NHS) and can comment that a vast sum of public money has been spent on security design/features in a host of NHS applications. However, poor practice and ignorance in a range of primary, secondary and tertiary healthcare settings has led to the kind of issues listed (and underestimated) above. The only solution is to ensure every system user is audited and made personally responsible for their actions. This must include the option for dismissal.

peter t

This was (is?) a vast project, it may save lives, but most of the IT people I know who have been involved with it have all said the same thing. It has been designed in a top down manner, so the needs of the most frequent end users were ignored in favour of management needs. I think it is also fair to say that a less ambitious aim, well implemented that could be expanded upon would have been more successful and less costly.
With the NHS being I believe the largest European employer, leaks are almost inevitable. Perhaps the question that should have been asked is “do the benefits of this idea outweigh the downside of the inevitable leaks?” With our society apparently hell bent on following the Americans into litigation being the first rather than the last resort I’m sure the ambulance chasers who are as morally bankrupt as the press will find ways of getting information they are not entitled to, but that is not the problem with this project more a reflection on where our society is headed

B

Everyone has a right to see their own personal records but you may have to pay a fee since this may involve additional professional time. http://www.cfoi.org.uk/persfilesintro.html. Privacy of medical records is absolutely fundamental – if information leaks people may tell the doctor a very limited story, and not get properly diagnosed and treated. Hence data privacy is paramount to keeping people alive and healthy. Doctors don’t take the Hippocratic Oath, that’s a myth, but they are required to observe the basics by the General Medical Council. Nurses also have codes of conduct but I’m not sure where managers stand other than contractually. When I was a GP we were able to look up pathology (test) results online and access was remotely cross referenced with our electronic patient list of the day. I was once phoned to explain why I had accessed a lady’s path record – she walked in as an emergency, but it was reassuring that the system worked!
I used to worry about the never ending and increasing demand for the totality of a patient’s notes by injury lawyers, especially since some of the data was very very personal and when I rang the patient to check if they had given full informed consent to this they were horrified, so records had to be withheld, but not everyone is conscientious. Then the records presumably get sent out to consultants as well and goodness knows who opens and looks inside the bursting envelopes.
In such a huge organisation data can never be 100% secure which is why many GPs felt strongly against the centralisation of medical records, and certainly didn’t want their own records uploaded.

ArgonautoftheSeas

Yes…. I got the totality of my medical records gratis from my personal injury solicitor in regard to an unrelated matter I’m contemplating suing myself. And such totality includes complete bundle of patient notes in respect of other and previous GPs (of long ago) as well, I was a little astonished to find.

I have to say though what I’d actually said to the GP was not always accurately reflected in the notes made. So a caveat to all.

There may well be a charge if I were to approach my GP for such identical information, warts and all, that is, however, not in his/her power to withhold on payment of prescribed fee.

Fath

The whole idea of “Summary Care Records” within the “Health Space” system was so that the patient could see their own record online without having to pay for it. I would like to check mine as I sometimes think that what has been said/written in them is not always an accurate representation of what was said (or what I understood was said) at a GP visit, or hospital appointment. I have had a Health Space account since March 2010 & was told, by letter, that my SCR would be created by June 2010. So far – October 2011 – this has not happened so I contacted them. I am awaiting a reply from the Health Space people as to why it has not happened. My account is password protected.

terfar

I find it hard to believe any large organisation is to be trusted with our personal data. The bigger the organisation, the less I trust. And with the government, I don’t trust them at all!

There seems to be little common sense these days. The rigmarole of going through anti-laundering security to sell a house or purchase some foreign currency seems totally ott to me.

I trust my doctor, but I don’t trust the computer systems or the procedures for handling sensitive information. Even MPs throw private correspondence in public bins.

Jason

I don’t know why people are complaining so much: We get the NHS for free (at point of delivery) and (to keep costs down) it employs staff for as little as possible and provides meagre support for these workers. High quality service and top quality staff backed by world class systems is not on the agenda as the British public has shown no desire to pay more either via taxes or personally (private or co-payment systems). We have clearly got the NHS we have paid for which means demoralized, substandard clinical and managerial staff who have a correspondingly low interest in the niceties of data protection and refraining from idle gossip about patients.

Ken H

I refused a request from my GP to allow my medical information to be put onto the National Database, but when I had to contact NHS Direct they asked my permission to access my details online, and could quote information that I would only choose to discuss with my Doctor.
I refused to go onto the database in the first place, knowing that anyone in the NHS could access my private information, and from past experience I know that there is no effective protection from hackers and persons searching for personal information. I have since received offers from private medical companies directly related to my medical condition that can only have come from confidential information, and this has only happened since I refused to go onto the National Database. No doubt someone is making money by selling my personal medical information.

busy b

Instead of spending such vast sums on well paid IT consultants & new hardware – sort out the other problems the NHS has first, before embarking on new venture – This is the GROUND WORK for a UK NHS branded ‘IDENTITY CARD’ !
