30,000 NHS records lost as seven laptops stolen
More than 20,000 records were held on computers stolen from a south London hospital. In Wolverhampton, a laptop holding details on around 11,000 patients has been stolen.
The missing data includes names, addresses, NHS numbers and, in the Wolverhampton theft, personal medical histories.
In both cases, sensitive data had been stored on laptops in defiance of rules that are meant to protect such records from theft or loss.
The disclosures follow the revelation earlier this week that Hazel Blears, the communities secretary, had stored confidential labour Government files relating to counter-terrorism on a laptop that has since been stolen from her constituency office.
Of the two NHS thefts, the incident in Wolverhampton appeared to be the more serious, since the computer concerned contained detailed medical records and was not protected by any form of encryption.
The laptop concerned was stolen from the car of an unnamed GP, according to Wolverhampton City Primary Care Trust. Some 11,000 patients have now been sent letters apologizing for the incident.
Jon Crockett, chief executive of the trust, said he was “extremely concerned” about the theft.
He said: “Patients and the public have the right to expect that those dealing with confidential information maintain the highest levels of security and we are carrying out a full and urgent investigation into this incident.”
Department of Health rules say that any confidential information about patients must be stored in a safe and secure environment. Mobile storage devices including laptops must be fully encrypted.
But the Wolverhampton computer had not been encrypted.
In London, thieves stole six laptops from St Georges Hospital in Tooting. Three contained the first and last names, date of birth, postcode and hospital number of around 21,000 patients.
The theft took place between 6 and 9 June, but St George’s Healthcare NHS Trust only recently made the incident public.
In an internal email to its staff, the St Georges trust said he “acknowledges that patient data should not have been stored in laptops.” The laptops had been used as temporary storage, it said.
Hospital managers said the patient data was protected by passwords and held in “hidden” files.
David Astley , the St Georges chief executive, apologised and said: “We owe it to our patients to protect their personal information and we have reminded our staff not to store this kind of data on laptops in the future.”
He said only staff with the correct password could access the data. “Therefore there is only a very small chance that any patient details have been passed on.”
St George’s is in Tooting, one of Labour’s most marginal seats. Mark Clark, the Conservative candidate in Tooting, said the incident would alarm residents.
He said: “Patient confidentiality has been put at risk by this loss and I am concerned that the hospital make preventing more breaches its number one priority.”
Health Direct once again asks whether you are happy trusting the govt to keep all of your medical data secure? Or are you happy to follow the sheep to the slaughterhouse of completely open personal data?