Information request reveals continued increase in NHS data breaches

Share this article:
Proposed NHS portal raises questions about data security
Proposed NHS portal raises questions about data security

Data breaches in hospitals rose by 20 per cent year-on-year.

According to a Freedom of Information Act request from 55 hospital trusts by Pulse Today, the number of breaches rose from 2,337 in 2011/12 to 2,805 in 2012/13. These included patients being given a different patient's details in error, patient information being given to a relative without their permission, voicemails left to the wrong person, letters left in public meeting rooms and letters sent to patients' previous GPs.

The request found that following a 15 per cent increase in data and confidentiality breaches between 2010/11 and 2011/12, there were 7,138 incidents over the last three years at the 55 trusts.

A spokesperson for the Information Commissioner's Office said: “The health service holds some of the most sensitive information available. This is why it is so important that they look after patients' data correctly and in compliance with the Data Protection Act.

“We will continue to work with the health service to help them keep the personal information they use and store secure.”

Stephen Midgley, vice president of global marketing at Absolute Software, said: “As a public service, the health sector supports over a million patients each day, and this responsibility includes the protection of any patient confidential information. The claims of a member of the public finding a letter in hospital grounds with the clinical diagnosis of another patient's cancer, is simply unacceptable.

“With the NHS facing tough cost saving initiatives and the wider data debate and challenges surrounding the plans to deliver a fully paperless model by 2018, it's essential that the world's largest healthcare system considers the risk impact of data breaches and puts protecting its physical and digital data assets at the top of its priority list.

“There are basic steps organisations can take to protect themselves, and the first is a comprehensive data policy in place from the very beginning. This starts with education, right across the NHS and its staff.”

Share this article: