The foundation of the doctor/patient relationship is trust, but it seems you can’t say the same of the NHS in this digital age. Patient data is apparently leaked five times a week – staff need to take extra care with technology.
According to Freedom of Information Act requests by Big Brother Watch, there were 806 incidents over the last three years where the laws protecting the privacy of patient records were breached.
Breaches included 23 instances of patient information being posted on a social network, 91 incidents of staff looking up colleagues’ details, while 24 NHS trusts saw confidential information stolen, lost or left behind by staff.
It isn’t hard to believe. A quick search on Google reveals a catalogue of past data breaches. In September 2010, for example, The Surrey and Sussex Healthcare NHS Trust lost 800 patient records on an unencrypted data stick.
Technology isn’t to blame for data breach epidemic
The head of strategic relations at the Information Commissioner’s Office (ICO), Jonathan Bamford, has previously said that the number of NHS data breaches is a ‘cause for concern’.
In the same speech Bamford said that health care professionals often fail to realise how technology can endanger patient privacy. My question is why?
My doctor is privy to a host of information about me and also happens to have kids at the same school as mine (I often blush when we exchange “hellos” at the school fete) but she’d never dream of sharing this information with other parents. Nor should she.
It’s laughable that any NHS staff member could think it acceptable to publish patient records on a social network like Facebook. A lack of tech nous is no excuse – there are few who are ignorant of the public nature of Facebook.
Speaking at a previous health care conference, Bamford summed up the situation well:
‘The same people who wouldn’t dream of chatting about patient information […] down the curry house on a Friday evening, are the very same people who are losing memory sticks with lots of information on it.’
Is dismissal part of the cure for NHS data breaches?
Of the 800 incidents discovered, just 102 cases resulted in staff dismissal. So should more NHS staff be sacked if they’ve been found guilty of breaching patient data?
In a survey of over 1,000 UK patients, 87% said NHS managers should be sacked or fined if they knew of potential data risks and failed to act on them.
It may sound radical, but I’m also inclined to agree with the 97% who said that NHS managers should have a ‘legal and ethical duty to protect their data’.
If they don’t accept this responsibility then the net result could be a loss of trust in the NHS and those who work for it. Were that to happen, I’d consider it a medical emergency.