Thousands of NHS patients in Wales have been told an unprotected memory stick containing their personal details is missing.

The USB stick was lost in transit between a GP surgery in Lampeter, Ceredigion, and the NHS Wales Business Services Centre, based in Pontypool.

The memory stick – which was not encrypted or password-protected – had been used to store patients’ names, addresses, dates of birth and NHS numbers.

Hywel Dda Local Health Board (the body overseeing healthcare services across mid and west Wales) said the memory stick did not contain any clinical information.

In light of the data loss, the Health Board has now written to all GP practices, opticians, dentists and pharmacists to remind them, it said, ‘of the importance of the patient data security and to reinforce the formal procedure for the safe transfer of patient data’.

Source: WalesOnline, 1 April 2010.

The medical records of around 2,000 NHS patients in Stoke-on-Trent have been lost.

The missing records are those of patients who received physiotherapy treatment at the Haywood Hospital, part of NHS Stoke on Trent, in or before 2006.  The hospital has apologised to patients for the security breach. It said in a statement:

“We are investigating the possibility of records having been destroyed under confidential conditions, in error… Procedures have already been tightened and steps are in place to ensure this does not happen again.”

Source: The Sentinel, 12 March 2010.

A review is underway after NHS patients in the East of England received confidential data about other people.

NHS IT body, Connecting for Health, has apologised after patients’ details were accidentally disclosed in a mailshot designed – ironically – to reassure them about the security of their medical records.

BBC Look East reports a number of recipients opened their envelopes to find letters addressed to other patients.

The letters – marked ‘Private and Confidential’ – showed the patient’s name, address and personal NHS number.

NHS Connecting for Health, which sent the letters on behalf of primary care trusts in the region, blamed a contractor for the error.  It said in a statement:

“Some PCTs have been made aware that, in a number of cases, more than one patient letter has been placed in an envelope.  The letters contain no medical information.

“The mailhouse supplier responsible… has undertaken a rigorous review of their processes.”

Source: BBC News, 7 March 2010.

An investigation is underway following reports that three GP diaries containing personal details about hundreds of patients in Wigan were found dumped in an alley.

The diaries, dating back to 1988, 1990 and 1991, are reported to contain the names, addresses and medical complaints of patients requiring visits by doctors.

A member of the public, who did not wish to be named, is said to have discovered the diaries lying in an alleyway behind a disused surgery.

Source:  Wigan Evening Post, 22 February 2010.

West Middlesex University Hospital NHS Trust has become the fourth NHS body this month to fall victim to the Conficker computer virus.

The Trust has confirmed that the virus currently infecting its IT systems has caused ‘operational issues’, resulting in staff having to resort to ‘manual’ processes.  Patients have been advised to only contact the hospital if their need is urgent.

In July 2009 the Trust confirmed to More4News it had suffered a computer virus attack  - however that particular infection was contained to only a Dictaphone.

Original source: The Register, 18 February 2010.

NHS Leeds has confirmed that some of its servers were infected with the Conficker computer virus. The organisation said that clinical systems and PCs had not been affected, but it would be reviewing its patching strategy in light of the incident;

According to an internal memo obtained by The Register, around 9-10 servers were infected by a variant of Conficker which intermittently locked users out of their accounts.

Mid Cheshire Hospitals NHS Foundation Trust has suffered a computer virus infection which spread to 85 computers – three per cent of the Trust’s PCs.

According to reports, the Conficker worm was detected on 20 January and removed from all affected PCs on 24 January.  An investigation is said to be underway to determine the cause of the infection.

In a statement, Mid Cheshire said that core clinical systems had not been affected and there had been no impact on patient care or appointments.

North Devon NHS Healthcare Trust (NDHT) recorded 18 incidents of personal data loss during 2009,  according to information obtained under the Freedom of Information Act.

The incidents are said to include confidential patient files being left on a hospital car park machine, a theatre list found on a public footpath, the loss of a staff diary containing patient details, as well as instances of information being sent to the wrong address.

In a statement, NDHT said that none of the incidents involved electronically-held data and in all but three cases, the information lost had been subsequently recovered.

Further information.

Southampton University NHS Hospitals Trust has been ordered to improve data security following a theft of laptop containing approximately 33,000 patient records.

The laptop, which was password-protected but not encrypted, was stolen from a retinal screening van which had been left unlocked and unattended by a member of staff.

The laptop was attached to the van by a security cable which was cut off during the theft.

The information consisted of tens of thousands of patient records including types of diabetes condition and in some cases, the results of patients’ retinal screening tests.

Source: Information Commissioner’s Office, 22 January 2010.

Related Documents

Southampton University NHS Hospitals Trust Undertaking.

NHS Norfolk has apologised after the medical records of 11 elderly patients at Norwich Community Hospital were found outside a supermarket by a member of the public.

According to reports, the documents included the patients’ names, ages and medical histories, with some containing notes about whether the person lived alone as well as mobile phone numbers.

In a statement, NHS Norfolk Community Health and Care said:

“Breaches of patient confidentially are extremely serious and this very unfortunate incident has caused us great concern.

“We would like to send our most sincere apologies to the patients and families concerned and reassure them that we have immediately launched a thorough investigation into this matter.

“We will also be reviewing the processes and systems we have in place regarding the handling of patient information and reaffirming to staff their responsibility to follow these stringent procedures to ensure patient confidentiality.”

Source:  Norwich Evening News, 20 January 2010.