14.11.14
NHS breaches patient confidentiality six times a day
The NHS breaches patient confidentiality six times a day, with a total of 7,255 breaches in the last three years, according to a new report from Big Brother Watch.
Among the breaches covered by the privacy campaign group’s report is the incident where a computer that formerly belonged to NHS Surrey was sold to a member of the public in 2012. The person later found personal information of more than 3,000 patients still on the machine, as the trust had failed to destroy the information before selling the computer. NHS Surrey was fined £200,000 over the incident.
In another example a GP surgery manager illegally accessed the medical records of more than 1,940 patients. Many of the records related to women in their 20s and 30s. His punishment was a £1,345 fine, which included a £99 victim surcharge and £250 in prosecution costs.
The privacy group collated the information from FOI requests. A summary of the different types of data breach Big Brother Watch found includes:
- At least 50 instances of data being posted on social media
- At least 143 instances of data being accessed for ‘personal reasons’
- At least 124 instances of cases relating to IT systems
- At least 103 instances of data loss or theft
- At least 236 instances of data being shared inappropriately via Email, letter or Fax
- At least 251 instances of data being inappropriately shared with a third party
- At least 115 instances of staff accessing their own records.
As a result of these breaches there have been 61 resignations of staff, according to data supplied by NHS trusts.
The report also looks at data legislation, saying that the Data Protection Act 1998 (DPA) has a number of flaws that must be corrected. One criticism it makes is that the DPA does very little to discourage those who are seriously considering breaking data protection legislation and makes it harder to clamp down on the individuals and organisations that knowingly flout the rules by accessing and in some cases selling personal information to third parties.
As a result, Big Brother Watch proposes three measures that should be introduced, including introducing the option of custodial sentences and criminal records for the worst offenders and providing better training.
Emma Carr, director of Big Brother Watch, said: “The information held in medical records is of huge personal significance and for details to be wrongly disclosed, maliciously accessed or lost is completely unacceptable.
“With an increasing number of people having access to patients’ information, the threat of data breaches will only get worse. Urgent action is therefore needed to ensure that medical records are kept safe and the worst data breaches are taken seriously.
“If the government wants to make the public’s data more accessible, then this must go hand in hand with greater penalties for those who abuse that access. This should include the threat of jail time and a criminal record.”
A spokesperson for NHS England said: "Patient confidentiality is an absolute right and crucial to the doctor patient relationship.
"The NHS has a culture of reporting and investigating data breaches to ensure lesson are learnt.
"We are always looking to improve the management, security and confidentiality of patient information in the context of providing health services to an entire population."
Tell us what you think – have your say below or email [email protected]