/ Technology

Patient data breached five times a week. Do you trust the NHS?

The foundation of the doctor/patient relationship is trust, but it seems you can’t say the same of the NHS in this digital age. Patient data is apparently leaked five times a week – staff need to take extra care with technology.

According to Freedom of Information Act requests by Big Brother Watch, there were 806 incidents over the last three years where the laws protecting the privacy of patient records were breached.

Breaches included 23 instances of patient information being posted on a social network, 91 incidents of staff looking up colleagues’ details, while 24 NHS trusts saw confidential information stolen, lost or left behind by staff.

It isn’t hard to believe. A quick search on Google reveals a catalogue of past data breaches. In September 2010, for example, The Surrey and Sussex Healthcare NHS Trust lost 800 patient records on an unencrypted data stick.

Technology isn’t to blame for data breach epidemic

The head of strategic relations at the Information Commissioner’s Office (ICO), Jonathan Bamford, has previously said that the number of NHS data breaches is a ‘cause for concern’.

In the same speech Bamford said that health care professionals often fail to realise how technology can endanger patient privacy. My question is why?

My doctor is privy to a host of information about me and also happens to have kids at the same school as mine (I often blush when we exchange “hellos” at the school fete) but she’d never dream of sharing this information with other parents. Nor should she.

It’s laughable that any NHS staff member could think it acceptable to publish patient records on a social network like Facebook. A lack of tech nous is no excuse – there are few who are ignorant of the public nature of Facebook.

Speaking at a previous health care conference, Bamford summed up the situation well:

‘The same people who wouldn’t dream of chatting about patient information […] down the curry house on a Friday evening, are the very same people who are losing memory sticks with lots of information on it.’

Is dismissal part of the cure for NHS data breaches?

Of the 800 incidents discovered, just 102 cases resulted in staff dismissal. So should more NHS staff be sacked if they’ve been found guilty of breaching patient data?

In a survey of over 1,000 UK patients, 87% said NHS managers should be sacked or fined if they knew of potential data risks and failed to act on them.

It may sound radical, but I’m also inclined to agree with the 97% who said that NHS managers should have a ‘legal and ethical duty to protect their data’.

If they don’t accept this responsibility then the net result could be a loss of trust in the NHS and those who work for it. Were that to happen, I’d consider it a medical emergency.


This is not good but I doubt that anyone dies as a result of such carelessness. I think the main focus needs to be on keeping people alive and healthy.


I suspect the above may be one of those responsible judging by questionable attitude,In late 60’s before Thatchers Cuts I had research to find why I had chronic utis. 3 weekly waiting 5 hrs to access medication . It was found I had spina bifida occulta plus numerous other associated conditions which have since been ignored . The notes were returned to me [ legal?] along with numerous appts wound up by the administration .Since then the condition has been ignored . Consequently I had a cardiac arrest where died 3x so suspect false economy.

UK biggest sceptic? says:
31 October 2011

Well how about this, I have children at the same school as my midwife’s children, the midwife’s oldest child (of about 9yrs old) was telling my eldest daughter only last week about the circumstances over us leaving the last place we lived at (which were grossly exaggerated but with an element of truth that only the midwife knew), and personal details over my medical condition. If I complain I’ll be disallowed from having a home birth, so I can’t do anything about it until the baby has been born, in the meantime this woman is going around telling god knows who, god knows what, about me and my family and to make it worse, only a tiny bit of it is accurate…

maryofdungloe says:
31 October 2011

Why on earth would snitching on the midwife stop you from having your baby at home?

You are allowed to have your baby where and when you see fit, surely?

Unless there are complications in your pregnancy I can’t see why you shouldn’t give birth at home.

with held says:
3 November 2011

I work in the NHS and I can tell you that the leaks are just the tip of the iceberg. 99% of patient data breeches are covered up by overpaid incompetent managers, and illiterate staff.


Hi UK biggest sceptic, You should complain not only to seek appropriate action against the midwife but to stop her other patients suffering similar problems.Telephone your Primary Care Trust for guidance on lodging your complaint to them.You can also complain separately to the Nursing and Midwifery Council which regulates those professions and has the authority to stop nurses and midwives from practitioning where appropriate.

Fath says:
4 November 2011

Funny how other people have access to our records, yet we cannot as yet see our own records. I signed up for this nearly 2 years ago & I am still waiting – we were told System One was needed, this is now available but GP’s are still reluctant to to allow us to see them.

Phil James says:
4 November 2011

I have worked in the National Programme for IT since its inception (and previously in the NHS) and can comment that a vast sum of public money has been spent on security design/features in a host of NHS applications. However, poor practice and ignorance in a range of primary, secondary and tertiary healhcare settings has led to the kind of issues listed (and underestimated) above. The only solution is to ensure every system user is audited and made personally responsible for their actions. This must include the option for dismissal.


This was (is?) a vast project, it may save lives, but most of the IT people I know who have been involved with it have all said the same thing. It has been designed in a top down manner, so the needs of the most frequent end users were ignored in favour of management needs. I think it is also fair to say that a less ambitious aim, well implemented that could be expanded upon would have been more successful and less costly.
With the NHS being I believe the largest European employer, leaks are almost inevitable. Perhaps the question that should have been asked is “do the benefits of this idea outweigh the downside of the inevitable leaks?” With our society apparently hell bent on following the Americans into litigation being the first rather than the last resort I’m sure the ambulance chasers who are as morally bankrupt as the press will find ways of getting information they are not entitled to, but that is not the problem with this project more a reflection on where our society is headed<