
Patient data breached five times a week. Do you trust the NHS?


The foundation of the doctor/patient relationship is trust, but it seems you can’t say the same of the NHS in this digital age. Patient data is apparently leaked five times a week – staff need to take extra care with technology.

According to Freedom of Information Act requests by Big Brother Watch, there were 806 incidents over the last three years where the laws protecting the privacy of patient records were breached.

Breaches included 23 instances of patient information being posted on a social network, 91 incidents of staff looking up colleagues’ details, while 24 NHS trusts saw confidential information stolen, lost or left behind by staff.

It isn’t hard to believe. A quick search on Google reveals a catalogue of past data breaches. In September 2010, for example, The Surrey and Sussex Healthcare NHS Trust lost 800 patient records on an unencrypted data stick.

Technology isn’t to blame for data breach epidemic

The head of strategic relations at the Information Commissioner’s Office (ICO), Jonathan Bamford, has previously said that the number of NHS data breaches is a ‘cause for concern’.

In the same speech Bamford said that health care professionals often fail to realise how technology can endanger patient privacy. My question is why?

My doctor is privy to a host of information about me and also happens to have kids at the same school as mine (I often blush when we exchange “hellos” at the school fete) but she’d never dream of sharing this information with other parents. Nor should she.

It’s laughable that any NHS staff member could think it acceptable to publish patient records on a social network like Facebook. A lack of tech nous is no excuse – there are few who are ignorant of the public nature of Facebook.

Speaking at a previous health care conference, Bamford summed up the situation well:

‘The same people who wouldn’t dream of chatting about patient information […] down the curry house on a Friday evening, are the very same people who are losing memory sticks with lots of information on it.’

Is dismissal part of the cure for NHS data breaches?

Of the 800 incidents discovered, just 102 cases resulted in staff dismissal. So should more NHS staff be sacked if they’ve been found guilty of breaching patient data?

In a survey of over 1,000 UK patients, 87% said NHS managers should be sacked or fined if they knew of potential data risks and failed to act on them.

It may sound radical, but I’m also inclined to agree with the 97% who said that NHS managers should have a ‘legal and ethical duty to protect their data’.

If they don’t accept this responsibility then the net result could be a loss of trust in the NHS and those who work for it. Were that to happen, I’d consider it a medical emergency.

wavechange says:

This is not good but I doubt that anyone dies as a result of such carelessness. I think the main focus needs to be on keeping people alive and healthy.

julieshrive says:

I suspect the above may be one of those responsible, judging by questionable attitude. In the late 60s, before Thatcher’s cuts, I had research to find why I had chronic UTIs. 3 weekly waiting 5 hrs to access medication. It was found I had spina bifida occulta plus numerous other associated conditions which have since been ignored. The notes were returned to me [legal?] along with numerous appts wound up by the administration. Since then the condition has been ignored. Consequently I had a cardiac arrest where I died 3x, so suspect false economy.

UK biggest sceptic? says:
4 years 26 days ago

Well how about this, I have children at the same school as my midwife’s children, the midwife’s oldest child (of about 9yrs old) was telling my eldest daughter only last week about the circumstances over us leaving the last place we lived at (which were grossly exaggerated but with an element of truth that only the midwife knew), and personal details over my medical condition. If I complain I’ll be disallowed from having a home birth, so I can’t do anything about it until the baby has been born, in the meantime this woman is going around telling god knows who, god knows what, about me and my family and to make it worse, only a tiny bit of it is accurate…

maryofdungloe says:
4 years 26 days ago

Why on earth would snitching on the midwife stop you from having your baby at home?

You are allowed to have your baby where and when you see fit, surely?

Unless there are complications in your pregnancy I can’t see why you shouldn’t give birth at home.

with held says:
4 years 23 days ago

I work in the NHS and I can tell you that the leaks are just the tip of the iceberg. 99% of patient data breaches are covered up by overpaid incompetent managers, and illiterate staff.

dave newcastle says:

Hi UK biggest sceptic, you should complain not only to seek appropriate action against the midwife but to stop her other patients suffering similar problems. Telephone your Primary Care Trust for guidance on lodging your complaint to them. You can also complain separately to the Nursing and Midwifery Council, which regulates those professions and has the authority to stop nurses and midwives from practising where appropriate.


Funny how other people have access to our records, yet we cannot as yet see our own records. I signed up for this nearly 2 years ago & I am still waiting – we were told System One was needed, this is now available but GPs are still reluctant to allow us to see them.

Phil James says:
4 years 22 days ago

I have worked in the National Programme for IT since its inception (and previously in the NHS) and can comment that a vast sum of public money has been spent on security design/features in a host of NHS applications. However, poor practice and ignorance in a range of primary, secondary and tertiary healthcare settings has led to the kind of issues listed (and underestimated) above. The only solution is to ensure every system user is audited and made personally responsible for their actions. This must include the option for dismissal.

peter t says:

This was (is?) a vast project, it may save lives, but most of the IT people I know who have been involved with it have all said the same thing. It has been designed in a top down manner, so the needs of the most frequent end users were ignored in favour of management needs. I think it is also fair to say that a less ambitious aim, well implemented that could be expanded upon would have been more successful and less costly.
With the NHS being, I believe, the largest European employer, leaks are almost inevitable. Perhaps the question that should have been asked is “do the benefits of this idea outweigh the downside of the inevitable leaks?” With our society apparently hell bent on following the Americans into litigation being the first rather than the last resort, I’m sure the ambulance chasers, who are as morally bankrupt as the press, will find ways of getting information they are not entitled to, but that is not the problem with this project, more a reflection on where our society is headed.


Everyone has a right to see their own personal records but you may have to pay a fee since this may involve additional professional time. Privacy of medical records is absolutely fundamental – if information leaks people may tell the doctor a very limited story, and not get properly diagnosed and treated. Hence data privacy is paramount to keeping people alive and healthy. Doctors don’t take the Hippocratic Oath, that’s a myth, but they are required to observe the basics by the General Medical Council. Nurses also have codes of conduct but I’m not sure where managers stand other than contractually. When I was a GP we were able to look up pathology (test) results online and access was remotely cross referenced with our electronic patient list of the day. I was once phoned to explain why I had accessed a lady’s path record – she walked in as an emergency, but it was reassuring that the system worked!
I used to worry about the never ending and increasing demand for the totality of a patient’s notes by injury lawyers, especially since some of the data was very very personal and when I rang the patient to check if they had given full informed consent to this they were horrified, so records had to be withheld, but not everyone is conscientious. Then the records presumably get sent out to consultants as well and goodness knows who opens and looks inside the bursting envelopes.
In such a huge organisation data can never be 100% secure which is why many GPs felt strongly against the centralisation of medical records, and certainly didn’t want their own records uploaded.

ArgonautoftheSeas says:

Yes…. I got the totality of my medical records gratis from my personal injury solicitor in regard to an unrelated matter I’m contemplating suing myself. And such totality includes complete bundle of patient notes in respect of other and previous GPs (of long ago) as well, I was a little astonished to find.

I have to say though what I’d actually said to the GP was not always accurately reflected in the notes made. So a caveat to all.

There may well be a charge if I were to approach my GP for such identical information, warts and all, that is, however, not in his/her power to withhold on payment of prescribed


The whole idea of “Summary Care Records” within the “Health Space” system was so that the patient could see their own record online without having to pay for it. I would like to check mine as I sometimes think that what has been said/written in them is not always an accurate representation of what was said (or what I understood was said) at a GP visit or hospital appointment. I have had a Health Space account since March 2010 & was told, by letter, that my SCR would be created by June 2010. So far – October 2011 – this has not happened, so I contacted them. I am awaiting a reply from the Health Space people as to why it has not happened. My account is password protected.

terfar says:

I find it hard to believe any large organisation is to be trusted with our personal data. The bigger the organisation, the less I trust. And with the government, I don’t trust them at all!

There seems to be little common sense these days. The rigmarole of going through anti-laundering security to sell a house or purchase some foreign currency seems totally ott to me.

I trust my doctor, but I don’t trust the computer systems or the procedures for handling sensitive information. Even MPs throw private correspondence in public bins.


I don’t know why people are complaining so much: we get the NHS for free (at point of delivery) and (to keep costs down) it employs staff for as little as possible and provides meagre support for these workers. High quality service and top quality staff backed by world class systems is not on the agenda as the British public has shown no desire to pay more either via taxes or personally (private or co-payment systems). We have clearly got the NHS we have paid for, which means demoralized, substandard clinical and managerial staff who have a correspondingly low interest in the niceties of data protection and refraining from idle gossip about patients.


I refused a request from my GP to allow my medical information to be put onto the National Database, but when I had to contact NHS Direct they asked my permission to access my details online, and could quote information that I would only choose to discuss with my Doctor.
I refused to go onto the database in the first place, knowing that anyone in the NHS could access my private information, and from past experience I know that there is no effective protection from hackers and persons searching for personal information. I have since received offers from private medical companies directly related to my medical condition that can only have come from confidential information, and this has only happened since I refused to go onto the National Database. No doubt someone is making money by selling my personal medical information.


Instead of spending such vast sums on well paid IT consultants & new hardware – sort out the other problems the NHS has first, before embarking on new venture – This is the GROUND WORK for a UK NHS branded ‘IDENTITY CARD’!

David Hanover says:
2 months 7 days ago

I am currently waiting for my local NHS trust to come up with a decent explanation of why and how they managed to lose my data, which was copied onto a private and unencrypted USB stick. This they said was found nearby the hospital grounds… I don’t believe in anything they say and would you! This occurred at the Eastbourne DGH.

duncan lucas says:

You voted for it! You knew Cameron wanted to wholly privatise the NHS just like the USA, so why complain? In England all your records will be available (eventually) online, even on your latest £300 smart watch, so that your local GP can update you on appointments. How much has the NHS spent on bungled computer systems? Millions, all to please Westminster’s neo-CON policy. Get ready for Blue Shield/Blue Cross insurance here; my wife needed TWO insurance policies in Santa Monica and even then it was only 95% covered. Biggest US citizen debt? NO! Not their mortgage but your Medical Bill, so accept reality: you got what you wanted by your votes. It is going to get worse – US: 11 million patients’ records hacked recently. Americans are looking out now for targeted adverts for medical products online and via US Post.

duncan lucas says:

Reporting on the NHS, the Guardian interviews Norman Lamb, ex Health Minister, as saying, quote: NHS will crash in 2 years, Tories “dishonest” in refusing to admit this. Many private companies refuse to renew contracts due to local councils not being able to pay them due to cut backs (government). Old, those with mental illness affected first.

John Ward says:

I occasionally wonder whether the NHS should be turned into another constituent part of the United Kingdom with its own elected Parliament, its own revenue raising powers, and its own engagement with the population. It seems at the moment that there is no consistent way in which the funds available are allocated, or decisions made about which procedures or treatment programmes can or cannot be afforded, there seems to be no rational, equitable and accountable philosophy about the objectives of the service and the priorities in terms of a hierarchy of access to treatment and intervention. I might be doing the NHS a great disservice, but if all this is being taken care of why is it not in the public domain?

To some degree, treatment is available according to whether a drug happens to be on the market that relieves the condition, or whether a procedure has been developed to restore bodily functionality, but then only if the relevant NHS trust has any money left in its budget, hence the ‘postcode lottery’. This is not rational, nor efficient, nor ethical.

Where is the debate taking place about the rights and wrongs of costly treatments deriving from the consequences of self-selected lifestyles or behaviours? Is sustaining life always the right answer? Is denial of treatment a legitimate response in certain conditions or circumstances? Why are hospices having to be funded by charitable resources? Should there be a national nurse recruitment, training and development programme that also concerns itself with the health and safety of the nurses themselves? As the gatekeepers to the NHS’s advanced services, are the GPs enabled and guided to making the right decisions, and should the only criterion be the best interests of the patient? What is the value and role of preventive work and education in the allocation of resources? Is there a place for a compulsory triennial examination to screen for incipient conditions and develop personal treatment or alleviation programmes? Should the NHS intervene in the availability and consumption of unhealthy products?

Questions such as these are probably being debated within the internal committees of the Department of Health and the NHS apparatus but the only things that seem to come out are reports that if all hospitals bought the same toilet paper we could save a million pounds a year and the debate descends to that sort of level.

Ian says:

There are two problems: we’re living longer, although not necessarily more healthily, and treatments have become both far more effective and far more costly.

It’s not unique to us. Every developed country has the same issues, but few are prepared to raise taxes sufficiently to pay for it. Denmark is, however, and perhaps they offer a route forward.

John Ward says:

The additional problem in this country, for historical reasons, is that we have this sense of entitlement to a completely comprehensive health service with no budgetary or staffing or equipment limitations on its delivery. You could double the scale of the NHS and still leave dissatisfaction. Politicians will not face up to this. Once again in the UK public services, in terms of resource provision, the best has become the enemy of the good.

Ian says:

It’s tricky, isn’t it? Repeated crises with A & E, bed blocking, shortage of GPs – all these require different solutions. You could attempt to ameliorate the worst times at A & E with a few simple measures, such as more rapid and effective triage teams, better security and a more intolerant approach to abusers and drunks. But bed blocking, which I believe is one of the worst issues, exists because ancillary and post-operative services have been slashed, so hospitals (whose hands are full with treating people) are having to spend valuable time attempting to liaise with social services in various other counties and – because hospitals can’t simply throw old folk out on the street – the patients are stuck.

But social care budgets have also been slashed, so they’re stuck too. There are no villains in all of this, much as we might like to find some. It’s a question of funding the services we have adequately which means tax rises.

malcolm r says:

One dilemma perhaps is that although we live much longer and in better health than when the pensions system was devised we don’t work much longer – so potentially tax revenue is lessened and we certainly pay the state pension for much longer. Is this longer retirement drawing on state benefits a luxury we can not afford? Would this money be better spent on the NHS?

I am also in favour of using medical professionals to take a key part in running the health service not tiers of professional managers, or outside contractors.

And abolish free prescriptions automatically granted to everyone in retirement (and maybe other groups with adequate income); many are quite well off enough to pay for them, particularly when an annual card costs just £2 a week. Make sure free prescriptions just go to those in real need of them.

And sort out wasteful and uncoordinated purchasing.

It’s easy as an outsider, isn’t it?

John Ward says:

I agree Malcolm. The state retirement pension age is being progressively rolled back but this exercise started too late and is probably falling behind the correct actuarial time-scale. As political hot potatoes go it’s a bit of a scorcher so no surprises there.

I think your comments on free prescriptions are also spot on. It would probably encourage people to take better care of themselves, sort out minor ailments themselves getting assistance from pharmacists [who are as highly trained as GPs and could relieve some of the pressure on primary care], reduce dependency on drugs, and overall reduce demand.

duncan lucas says:

No villains?? Aye, right! Everything but put the blame where it lies: the government’s fixed policy of total privatization of the NHS. Starve funds to the NHS, make it look as though it’s the staff’s fault or “inefficient run” – good propaganda. Well, here’s a down to earth truthful fact. In the US, where Cameron gets his ideas from, it’s just been announced that the giant pharmaceutical company Turing Pharmaceuticals of NY has bought the patent of the medicine Daraprim. This drug has been out for 60 years in the treatment of Aids/Cancer/uncooked meat/diseased water etc. They immediately raised the price PER PILL from $13.50 to $750. No, that isn’t a printing error. The WHO lists it as an Essential medicine; medical people in the US are “up in arms” about it. This will directly affect the 99% who can’t afford it, many will die. It means if the NHS hasn’t an equivalent then this drug will be restricted for use by the NHS in England. The company shareholders are happy, the share price on the US stock exchange is up! Another knife in the back of the NHS, who will now be blamed if they can’t afford the drug. Time we got like India, reproduced non-licensed varieties – oops! Sorry, that’s illegal isn’t it? But so is death by lack of drugs.