Doctor loses patient data on laptop after breaking policy to take it home
Hull and East Yorkshire Hospitals NHS Trust has apologised after patient data was stolen from a doctor's home.
The data, that includes 1,000 patients' names, dates of birth and hospital treatment, was on a laptop that had been taken home, contravening policy, and was stolen from the doctor's home in November.
Talking to BBC News, Dr David Hepburn, medical director for Hull and East Yorkshire NHS Trust, said steps had been taken to prevent patient details being downloaded from computers but it was more difficult to control information being sent by email.
He said: “This particular employer used email to send the information to himself and then stored it on a non-encrypted laptop. We have already written to anyone affected by this to inform them of these incidents and therefore anyone who has not received a letter has no cause for concern. The trust takes data protection issues very seriously and this member of staff is currently the subject of a disciplinary process."
Chris McIntosh, CEO of Stonewood, said: “As the third serious security breach involving Hull citizens' data to come to light in under a year, this theft is a perfect example of the fact that, as far as data security is concerned, lightning can very easily strike twice in the same place.
“It is all very well organisations having regulations on data protection, yet if they can be easily broken by employees, whether knowingly or not, they become meaningless. This doctor should never have had the opportunity to take unencrypted data home with them.
“Hull and East Yorkshire trust needs to have more than regulations in place that simply shift the blame to employees. For example, it must thoroughly train its workers on the importance of data security. It must provide them with encrypted storage to ensure data is safe when at rest and it should put into place software solutions to prevent sensitive data from being saved on unencrypted hardware.
“If these measures aren't taken, all that will happen is that more and more information will be put at risk and more and more public money will need to be spent on the inevitable civil penalties resulting from such losses.”