Patient data loss affects 168,000

The loss of patient records by the NHS affects 168,000 people, including at least 160,000 children, the Department of Health has said. Nine English NHS trusts have admitted losing confidential patient details in the latest public sector data lapse.

The DoH says patients have been informed and there is no evidence data has fallen into the wrong hands.

The Tories condemned the government for its “failure to protect the personal information which we provide”.

It follows losses of millions of child benefit claimant and driver details.

‘High security encryption’

The DoH confirmed that one of the breaches involved the loss of names and addresses of 160,000 children by City and Hackney Primary Care Trust, after a disc failed to arrive at its destination at St Leonards Hospital in east London.

But it said the data had been encrypted to an “extremely high level of security”.

A DoH spokesperson said: “We believe that an additional 8,000 patients in total may have been affected but even amongst these only a small proportion involves some clinical data, and there is no evidence that this has fallen into the wrong hands.”

It said investigations were under way and action would be taken against anyone who had failed to fulfil their responsibilities under data protection laws.

The other data trusts involved are Bolton Royal Hospital, Sutton and Merton PCT, Sefton Merseyside PCT, Mid-Essex Care Trust, and Norfolk and Norwich.

The East and North Hertfordshire Trust reported a loss but has since found its missing data.

A further disc, lost by Gloucester Partnership Foundation Trust, consisted of archive records relating to patients treated 40 years ago – none of whom is still alive.

Maidstone and Tunbridge Wells NHS Trust has reported two breaches – meaning that 10 cases have occurred in total.

The losses involved data stored on laptop computers and data sticks.

Losses ‘unacceptable’

Roy Lilley, a former NHS trust chairman, said the losses were unacceptable: “The NHS has a very good encrypted secure system for sending data around the system and I can’t see why sub-sets of data are being carted round on a memory stick.”

Mr Lansley said: “You have to wonder why on earth it took the Revenue and Customs to lose their discs and for government to institute an inquiry across government for these losses of data to come to light.

“It does feel like there’s a sense in government, all parts of government, that we’re required to provide data and we are constantly told that it will be protected but in reality that level of protection simply isn’t there.”

Central database plans

Health minister Dawn Primarolo said: “What it is really important to stress is how important patient security and confidentiality is and how each of these trusts is moving to deal with this.

“And given we have hundreds and hundreds of trusts I think that patients should be confident that their information is being held appropriately.”

The DoH indicated the episode would not prevent the NHS’s central computer database going ahead.

A spokesperson said: “These breaches are in no way related to the National Programme for IT (NPfIT); indeed the NPfIT will help avoid such incidents, as it has particularly strong data protection rules and the highest standards of security control.”

Police are still searching for two computer discs containing the names, addresses, dates of birth and bank account details of every child benefit claimant after it emerged they had been lost in the post by HM Revenue and Customs in November.

Then on Monday it was revealed the details of three million learner drivers had also been lost after being sent to Iowa in America’s mid-west.