
Do more on data security, ICO warns NHS

'The sector needs to bring about a culture change,' says Information Commissioner Christopher Graham

By CBR Staff Writer

The Information Commissioner Christopher Graham has urged the UK health service to do more to secure patients’ personal information.

The warning from the Information Commissioner’s Office (ICO) comes in the wake of findings that five more health organisations have breached the Data Protection Act.

Graham said in a statement that it is important for the health service to take precautionary measures as it holds some of the most sensitive personal information of any sector in the UK. He also referred to the recent loss of laptops at NHS North Central London, which some security experts believe were unencrypted even though a software licence to encrypt them was in place.

Graham said, "Millions of records are constantly being accessed and we appreciate that there will be occasions where human error occurs. But recent incidents such as the loss of laptops at NHS North Central London – which we are currently investigating – suggest that the security of data remains a systemic problem."

Graham also said that the sector suffers from a culture where negligence has become a part of its nature.

Graham added, "The policies and procedures may already be in place but the fact is that they are not being followed on the ground. Health workers wouldn’t dream of discussing patient information openly with friends and yet they continue to put information on unencrypted memory sticks or fax it to the wrong number.


"The sector needs to bring about a culture change so that staff give more consideration to how they store and disclose data. Complying with the law needn’t be a day-to-day burden if effective measures are built in and then become second nature."

Graham also said that the ICO is working with Connecting for Health to find ways for the health service to tackle data security issues.

The five undertakings the ICO has issued to health bodies all relate to incidents where they failed to take appropriate steps to ensure that sensitive personal information was kept secure.

Citing examples of the cases of negligence in Ipswich Hospital NHS Trust and Dunelm Medical Practice in Durham, Graham said that they have been issued guidelines to avoid misplacement of records in future.

He said undertakings have also been signed by East Midlands Ambulance Service NHS Trust, Lancashire Teaching Hospitals NHS Foundation Trust and Basildon and Thurrock NHS Trust.

Among the suggestions the ICO has for the health service are training of staff, data encryption and use of password encryption tools.
