Five trusts breach data protection law

Hospital trusts including Royal Free Hampstead, Chelsea and Westminster and Hampshire Partnership have been reprimanded by the ICO after failures to encrypt data

A total of five trusts, also including Surrey and Sussex, and Epsom and St Helier, have signed formal undertakings to process personal data legally in future, the Information Commissioner's Office said on 14 July 2009.

Royal Free Hampstead NHS Trust said it had lost an unencrypted CD containing data on 20,000 cardiology patients' medical treatment. Hampshire Partnership NHS Trust said an unencrypted laptop with data on 349 patients and 258 staff was stolen from an employee at a conference.

Similarly, Chelsea and Westminster Hospital Foundation Trust reported the loss of an unencrypted memory stick which was not even password protected, probably stolen from an unlocked office. A member of staff had been taking it home for use on his own computer.

The three trusts will in future encrypt and password protect laptops, mobiles and portable devices.

A ward handover sheet containing data on 23 patients in the care of Surrey and Sussex NHS Trust was found on a bus, and the trust also said it had lost two unencrypted laptops, although they were kept behind three locked doors. Meanwhile, Epsom and St Helier University Hospital NHS Foundation Trust stored hospital records insecurely for nearly two years.

All five trusts have agreed to implement appropriate security measures and train staff on storage policies.

"These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security," said Sally-Anne Poole, the ICO's head of enforcement and investigations. "It is important that staff adhere to policies designed to protect individuals' sensitive information."
