Hospital trust has patient data stolen

Monday, November 17, 2008

The details of 1,800 patients were contained on two computers stolen from Hull and East Yorkshire Hospitals NHS Trust. The records contained the names, addresses, treatment and diagnosis of renal and urology patients.

A personal computer storing the details of renal patients was stolen in June from a ward at Hull Royal Infirmary. A laptop holding the records of urology patients was also taken from a locked office at Castle Hill Hospital, in Cottingham, East Yorkshire, in September. A spokesman at the trust admitted to Public Servant Daily that neither device was encrypted.

In a statement the trust said letters of apology had been sent out to all patients affected by the data loss. A telephone contact line for those affected has been established if anyone wished to discuss the matter further.

Doctor David Hepburn, the trust's medical director, said: "The trust takes data protection issues very seriously and it is current trust policy that patient confidential information should not be stored on personal computers or laptops.

"We are currently reviewing our disposal and security procedures to establish whether anything more could have been done to prevent these thefts."

Calling the security lapses "completely intolerable", Liberal Democrat health spokesman Norman Lamb said there must be a "fundamental re-examination of how the NHS deals with personal data".

"The mindset within the NHS has to be changed to ensure that everyone recognises the fundamental importance of patients' data security. Protecting data must be a top priority in all circumstances. Information contained in patient records is incredibly sensitive. The time has surely come to regard major data loss as potential serious misconduct," he said.