Ashford and St Peter’s Hospitals NHS Trust has pledged to improve data security after it informed the Information Commissioner’s Office (ICO) of a data breach involving the loss or theft of three unencrypted USB sticks containing sensitive patient information.
Each of the devices contained the full treatment and full diagnosis history relating to a number of cancer patients. The information on the USB sticks was in Word format – leaving the material easily accessible to anyone with a computer.
Andrew Liles, Chief Executive of Ashford and St Peter’s Hospitals NHS Trust, has signed an Undertaking confirming that the Trust will take a number of steps to ensure personal date is kept securely. The Trust will ensure that staff receive the appropriate training and are aware of the hospital’s policy for the storage and use of personal data.
Mick Gorrill, Assistant Commissioner at the ICO, said: “I urge all NHS organizations to restrict and encrypt the amount of sensitive information stored on portable devices. In this case, our investigation found that there was a lack of understanding and awareness among staff of their responsibilities under the Data Protection Act. Good data protection practice should be a matter of corporate governance and I am pleased the Trust is implementing a number of changes to alert staff to data protection policies and procedures in the future.“
Source: Information Commissioner’s Office