Number of lost NHS patient records on increase

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.scotsman.com/news/health/number-of-lost-nhs-patient-records-on-increase-1-3253057

MINISTERS are facing calls to tighten up patient privacy rules after
hundreds of incidents of confidential medical data being lost were reported
across Scotland’s health boards.

Patient notes were found in public places within NHS buildings, with
private documents also left in car parks and on public transport, the
catalogue of more than 700 cases over the past five years showed.

Personal information about patients was also sent to the wrong addresses,
according to the log of incidents from health boards released under Freedom
of Information laws.

In one incident at NHS Dumfries and Galloway, details of a patient
appointment written on a scrap of paper was used as a bookmark in a
furniture catalogue which was sent around a hospital.

Politicians and campaigners for patients’ rights yesterday called on the
Scottish Government to do more to help health boards protect confidential
patient information.

Scottish Lib Dem health spokesman Jim Hume, who obtained the data breaches
log, claimed that in one incident a pregnancy record of a patient was sent
to the wrong person.

Mr Hume called on health secretary Alex Neil to set out a plan to improve
confidentiality.

He said: “Our figures show that there were over 700 incidents with personal
patient data over the past five years in Scotland’s health boards.

“NHS staff work extremely hard under an enormous amount of pressure but
there must be a vigilant approach when it comes to protecting atient
information.

“Our figures also show a number of important patient records and notes were
lost. Some of those that were found had been left in public places where
anyone could have read that private information.

“The health secretary must explain what he is doing to address this.”

The loss of private medical records continued to worsen year-on-year, the
figures showed, with the number of incidents going from 86 in 2009 to 130
in 2010, then 176 in 2011 and 191 in 2012, before rising to 223 last year.

The health board with the highest number of patient data losses last year
was NHS Borders at 119. There were 29 incidents in Dumfries and Galloway,
27 cases in Ayrshire and Arran, and 22 in Lanarkshire, the figures for last
year showed.

Margaret Watt, chair of the Scotland Patients Association, called for a
joint initiative involving ministers, NHS bosses, staff and health
campaigners.

She said: “We have been talking about the loss of this medical information
for years now and it’s time we got a grip of the situation.”

A Scottish Government spokeswoman said: “All mobile devices holding any
patient data are now encrypted so, even if a laptop is stolen, patient
information cannot be accessed.

“In the interests of greater transparency, the Scottish Government plans to
introduce a severity scale [for data breaches] and national reporting
mechanisms.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.