The Information Commissioner Christopher Graham has urged the UK health service to do more to secure patients’ personal information.
The warning from the Information Commissioner’s Office (ICO) comes in the wake of findings that five more health organisations havebreached the Data Protection Act.
Graham said in a statement that it is important for the health service to take precautionary measures as it holds some of the most sensitive personal information of any sector in the UK. He also referred to the recent loss of laptops at NHS North Central London, which some security experts believe were unencrypted despite having the software license to do so.
Graham said, "Millions of records are constantly being accessed and we appreciate that there will be occasions where human error occurs. But recent incidents such as the loss of laptops at NHS North Central London – which we are currently investigating – suggest that the security of data remains a systemic problem.
Graham also said that the sector suffers from a culture where negligence has become a part of its nature.
Graham added, "The policies and procedures may already be in place but the fact is that they are not being followed on the ground. Health workers wouldn’t dream of discussing patient information openly with friends and yet they continue to put information on unencrypted memory sticks or fax it to the wrong number.
Content from our partners
"The sector needs to bring about a culture change so that staff give more consideration to how they store and disclose data. Complying with the law needn’t be a day-to-day burden if effective measures are built in and then become second nature."
Graham also said that the ICO is working with Connecting for Health to find out ways for the health service to tackle data security issues.
The five undertakings the ICO has issued to health bodies all relate to incidents where they failed to take appropriate steps to ensure that sensitive personal information was kept secure.
Citing examples of the cases of negligence in Ipswich Hospital NHS Trust and Dunelm Medical Practice in Durham, Graham said that they have been issued guidelines to avoid misplacement of records in future.
He said, undertakings have also been signed by East Midlands Ambulance Service NHS Trust, Lancashire Teaching Hospitals NHS Foundation Trust and Basildon and Thurrock NHS Trust.
Among the suggestions the ICO has for the health service are training of staff, data encryption and use of password encryption tools.
