One in eight breaches reported by health service organisations resulted in staff dismissal
Figures released to the privacy campaign group Big Brother Watch show that 806 separate incidents involving patient medical records being compromised took place at 152 NHS trusts between July 2008 and July 2011.
The group, which obtained data from the majority of NHS organisations in the UK, found that breaches included 23 incidents of patient information being posted on social networking sites by staff, 129 separate instances of NHS employees looking up details of colleagues and family members and 57 incidents involving unsecured confidential information being stolen or lost by staff.
Of the 129 incidents concerning healthcare staff inappropriately looking up patient information, 91 related to an NHS employee illicitly viewing the confidential medical details of a colleague. In some cases the individual was found to have revealed the information to other staff.
Of the 23 incidents involving social media, 11 trusts released details, and 13 medical personnel were involved. One of the cases resulted in the dismissal of the employee. Over the last three years 102 health service employees have been dismissed for breaching data protection.
Nick Pickles, director of Big Brother Watch, said: "This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected.
"The information held in medical records is of huge personal significance and for details to be disclosed, maliciously accessed or lost and these cases represent serious infringements on patient privacy."
The group obtained the data through freedom of information requests sent to 428 trusts in England, Scotland, Wales and Northern Ireland. It received responses from 354 trusts, with 55 providing partial responses and 74 not replying.
The group's findings follow the justice committee's recent backing for the Information Commissioner's Office (ICO) to gain more powers. A report by the committee said that the ICO should have the power to issue custodial sentences for breaches of the Data Protection Act. At present it can only issue fines to organisations which breach the act. Its report also said that the privacy watchdog has limited powers to prevent data protection breaches, particularly in the healthcare sector.
This article is published by Guardian Professional.
Read the complete post at http://www.guardian.co.uk/healthcare-network/2011/oct/28/nhs-staff-breach-personal-data-806-times
Oct 27 2011, 07:01 PM