Health trust found to have breached Data Protection Act

THE NHS trust which runs the QE2 Hospital in WGC has been found to be in breach of the Data Protection Act, after a doctor lost confidential patient data on a train.

The careless clinician mislaid an unencrypted memory stick containing the sensitive information during a train journey in May.

The junior physician told his bosses about the loss immediately, although the device has yet to be recovered.

The doctor’s employers, the East and North Herts NHS Trust, subsequently launched an internal investigation, before reporting the loss to the Information Commissioner’s Office (ICO), the body charged with policing the Data Protection Act.

And following an investigation, the trust was this week found to have been in breach of the legislation, which is designed to protect personal data.

The trust’s chief executive Nick Carver has since signed an undertaking which, it is hoped, will prevent any similar incidents in future.

ICO head of enforcement Mick Gorrill said: “Storing sensitive personal data on unencrypted data sticks is a risk trusts should not be willing to take.

“If it is vital to store information, this must be done with the highest security measures in place. “Furthermore, it is vital that employees are fully aware of processes which could have prevented this incident from occurring.

“I am pleased that the Trust has agreed to take practical and effective steps to ensure such an incident does not occur again.”

A trust spokeswoman said: “We take our responsibilities to patients very seriously and have completed the implementation of a secure IT system that only supports secure, encrypted devices.

“The vast majority of our staff work extremely hard to ensure the safe use of patients’ confidential data and on this one, extremely regrettable occasion, human error caused the loss of data.

“We do not believe this event put patients at risk and we will continue to be vigilant in the protection and care of our patients’ information.”