Trust loses cancer patients' data

Wednesday, October 28, 2009

Ashford and St Peter's Hospitals NHS Trust has agreed to improve its data security after losing three unencrypted USB memory sticks.

Each of the devices contained the full treatment and full diagnosis history relating to a number of cancer patients. The information on the USB sticks was in Word format - leaving the material easily accessible to anyone with a computer.

In response, the trust's chief executive, Andrew Liles, has signed a formal undertaking confirming that the trust will take a number of steps to improve its data security. These include the encryption of all its portable and mobile devices and staff receiving the appropriate training and being made aware of the hospital's policy for the storage and use of personal data.

Mick Gorrill, assistant information commissioner, said: "In this case, our investigation found that there was a lack of understanding and awareness among staff of their responsibilities under the Data Protection Act. Good data protection practice should be a matter of corporate governance and I am pleased the trust is implementing a number of changes to alert staff to data protection policies and procedures in the future."