Posted on June 26, 2010

Throughout the health care debate last year, it seemed only the positive aspects of government-run health programs surfaced from Britain and Canada.  But as Britain’s National Health Service (NHS)  automates its patient records, it seems roughly 800 patient records have been lost on a daily basis.  Massive government databases have serious down sides.  A prime example is the Homeland Security Database [see my post “Homeland Security Data Management – A disaster Waiting to Happen.” Consider that many of the same forces at work at Homeland Security are operative at NHS.

NHS loses 800 patients’ private files every day

By Jack Doyle
Last updated at 10:56 PM on 25th June 2010

More than 800 patient records are lost by the NHS every day, startling figures revealed last night. The scale of breaches emerged in exclusive Daily Mail research into the scandal of sensitive data that is lost or stolen.

The missing information includes personal health records, diagnoses or details of treatment.

Getting the record straight: The NHS loses 800 confidential  records each dayGetting the record straight: The NHS loses 800 confidential records each day

Often electronic data is carelessly left unencrypted and without proper password protection, while documents have been left in skips or stolen from unlocked cars and offices.

Critics said the figures raised questions over the new NHS database of medical records, which is now being constructed.

Alex Deane, director of Big Brother Watch, said: ‘The level of incompetence revealed by these data breaches is staggering. The NHS is clearly incapable of treating our private data with the necessary respect.

‘It goes to show that the NHS should not be building the enormous electronic database of everyone’s medical records.’

Earlier this week, the data protection watchdog issued an unprecedented rebuke to the NHS, warning of the lack of safeguards, after two trusts breached data rules.

Some 2,000 physiotherapy records were not properly filed by staff at NHS Stoke- on-Trent, while staff at Basingstoke and North Hampshire emailed 917 patients’ pathology results to another department from an unsecured email address without password protection.

Mick Gorrill, head of enforcement at the Information Commissioner’s Office, said: ‘Everyone makes mistakes, but regrettably there are far too many within the NHS.

‘Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information.’

Analysis of reports of data losses shows that at least 305,000 individual patients were victims of data loss in the 12 months from April 2009.

That is around 835 every single day, and the true figure is likely to be even higher because many trusts had no idea how many patients were affected.

Incidents included an Accident and Emergency register found in a garden in August last year. It included sensitive personal data on patients’ physical and mental health.

In April last year, a memory stick containing information on 741 patients was left in a car and found by a car wash attendant.

In another case, 6,360 prisoner health records were lost on a memory stick which had the password stuck on it with an adhesive note.

Patients’ Association director Katherine Murphy said: ‘How many more times will the Information Commissioner need to single out the NHS for criticism before every trust starts taking its obligations seriously?

‘The commissioner has issued repeated warnings, and wrote a letter to the previous Secretary of State to highlight his concerns.

‘Cases like this illustrate why our helpline hears from lots of patients who are concerned about the prospect of a national database of records. If the NHS is failing to protect data at a local level, can it be trusted to ensure the security of a national database?’