Make sure computers are disposed of properly

Three separate health authorities have got into trouble with the Information Commissioner in the last two months for losing sensitive patient data.

The Primary Care Trusts (PCTs), which essentially are responsible for controlling the funding to GPs and hospitals within an area, have had to pledge to improve the security of patient data or risk prosecution.

Brent PCT got into trouble after two laptops were stolen in a break-in at the organisation. The stolen computer held the details of 389 patients, including the health details of some of the individuals. The data was not encrypted and the laptop was left on the desk, which was a breach of the PCT’s policy

Hastings and Rother PCT also had a computer stolen which contained sensitive patient data. The building that was broken into did not have adequate security and the data controller had previously expressed worries about the lack of security at the premises. The PCT has now had to agree to make sure all office equipment and mobile devices are encrypted.

Camden PCT got into trouble after computers containing the data of 2,500 people, their addresses and their medical diagnoses were left beside a skip in the grounds of St Pancras Hospital. The computers, which were no longer in use and were not encrypted, later vanished and have never been recovered.

It would appear that the Information Commissioner’s Office has serious concerns about the way patients’ data is handled by health authorities. These enforcement notices are clearly a warning shot to other organisations to ensure they tighten up their own procedures.

Mick Gorrill, Assistant Information Commissioner, said: “I am increasingly concerned about the way some NHS organisations dispose of sensitive patient information.

“Organisations need to ensure they implement appropriate safeguards to ensure personal details about patients are disposed of in compliance with the Data Protection Act.”