NHS losing yet more patient data

Carry on Data Loss?

Yet more NHS Trusts have been sent to the headmaster’s office for the slipshod way they deal with sensitive personal data.

This has been a recurrent theme this year and it would appear that the Information Commissioner is having a concerted push at NHS data security. Some might say it is like shooting fish in a barrel.

So far this year a total of 21 NHS executives in England have had to sign formal undertakings to promise to stick the letter of the Data Protection law.

The latest culprits are:

Surrey and Sussex Healthcare NHS Trust: A ward handover sheet containing the details of 23 patients was found discarded on a bus. Two computers, that were password protected, but contained the details of 80 patients were stolen from an area that was protected by three locked doors. Staff were said to have poor knowledge of the need to store data on network drives.

Royal Free Hampstead NHS Trust: A disc containing the details of 20,000 patients from the Cardiology department disappeared. The staff member responsible is said to have downloaded the data, of patients treated between 2000 and 2006 - but took five months to inform the hospital after the unencrypted disc disappeared. Where the disc is, how it was lost and exactly what it contains is unknown.

Hampshire Partnership NHS Trust: An employee attending a conference in London had their laptop stolen from the hotel. It contained the details of 349 patients and 258 staff. The laptop was not encrypted.

Epsom & St Helier University Hospitals NHS Trust: The Information Commissioner was brought in after a press report relating to the insecure handling of a  large quantity of patient records. An investigation found the records had been left in an room that was often unlocked after being moved from one site to another. Following a root cause analysis report by the Trust the Commissioner was still concerned the Trust appeared to have failed to recognise the staff training issues, equipment and resources factors, individual knowledge and skills areas, organisation and strategic issues and the question of culpability in respect of this breach.

Chelsea & Westminster Hospital NHS Foundation Trust: An unencrypted USB memory stick that held the personal data of 143 patients who attended a walk-in clinic at the hospital was stolen from an unattended and unlocked office. The memory stick belonged to the employee holding the clinic and was not password protected. The Trust employee was not aware that secure network drive and encryption facilities were available and used their own memory stick because Trust equipment was not available. It was also discovered that the Trust employee had used the memory stick and their own computer for home working.

ICO’s top man in Ireland suspended

Aubrey McCrory

Mystery surrounds the reasons why the Information Commissioner’s most senior official in Northern Ireland has been suspended from his job this week.

BBC News reported that it is alleged Aubrey McCrory engaged in inappropriate conduct (whatever that might be) within his Belfast office.

Aubrey McCrory was appointed assistant commissioner for the Information Commissioner’s Office (ICO) in Northern Ireland just over a year ago.

As head of the Northern Ireland office and an Assistant Commissioner it is believed he is paid around £58,000 per year.

A spokesman for the ICO said: “We can confirm that Aubrey McCrory, assistant commissioner for Northern Ireland, has been suspended on full pay pending an internal investigation into some allegations concerning his conduct.

“We stress that this suspension is a neutral act, with no presumption of guilt or innocence.

“To avoid prejudicing the investigation, we will offer no further information at this stage.”

His bio on the ICO’s website says: “Aubrey joined the ICO’s Belfast office in 2008 after working in improvement and regulatory roles covering central and local government, and private sector consultancy. Previously, he was a deputy director in the Equality Commission’s Policy and Development Division, with specific responsibility for the statutory equality duties. Aubrey has an honours degree in politics and public administration, a Master of Philosophy in conflict studies and a Master of Science in research methods.”