More NHS Dataloss

More data lost from the NHS.

“Discs containing personal information on almost 18,000 NHS staff have gone missing from a north London hospital.

Whittington Hospital NHS Trust admitted the discs were lost when they were put in the post by mistake in late July.”

I've worked at the Whittington A&E department in my nursing days and it's worrying to think that there is enough data now floating out there, lost, to comprehensively steal people's identity.

These details could be used to impersonate a nurse. A nurse that might have access to vulnerable patients.

Of course, when the NHS has all your details on a centralised system there will be 'policies and procedures' in place to prevent this sort of data loss happening. Just as the policies in place managed to prevent this data loss.

Oh wait, they didn't.

On a technical side, it would be much more secure to encrypt the data and send it via the internet than to burn it to media and send it by post or courier.

17 thoughts on “More NHS Dataloss”

  1. I don't mind them having my details on some super database. However, as far as I am concerned, my details are just as important and sensitive as the Queen's or the PM's so if they have some extra layer of security around their data to make sure that only those entitled to it can gain access then I want that exact same level of security, not only for my records but for every single record they hold of everyone in the country.

  2. I'm slowly coming around to the view that it's just not safe (yet) to have so much data in such a physically small space (e.g. a hard disk, USB stick, CD, etc) that's so routinely copied in bulk (e.g. hard disks are routinely duplicated in case of failure, when contractors are developing and testing systems). I really can see the benefits of a super computer with details of my medical records, bank accounts, passport, driving licence, etc, but it really doesn't look to me as if we are careful enough to look after such a database.

  3. On a technical side, it would be much more secure to encrypt the data and send it via the internet than to burn it to media and send it by post or courier. You are missing the point that the CDs were put in the post “by mistake”. If they wanted to send them, presumably they'd be able to track them better – at least know when they'd been received rather than “hey where are those CDs… you did what with them?”

  4. Not so sure it would be more secure. At least if a [sealed, tamper evident] envelope goes missing/gets opened it should be apparent that you've had a data breach. In electronic form it could potentially be copied without sender or recipient being aware that it's happened. Of course it needs to be strongly encrypted however it's transported (or stored…)

    What we really need is legislation requiring personal data to be encrypted at all times, except when being actively processed (and even then only decrypted in a volatile storage system).

    PS. Depending on the amount of data involved and media used, the postal system might even manage a better data rate 🙂

  5. You have to have a wry smile – somebody had a REALLY bad day.. our local hospital outsourced their data protection (no honestly) recently and a load of patient records were found by a member of the public stuffed in a car park bin – Trouble is, whenever I go to hospital… they can't find my records…..

  6. What I'm still trying to work out is WHY they were sending disks at all. When I worked for the NHS, all payroll data was encrypted and sent electronically whether it was going to McKesson (who hold the contract for the HR/payroll system from hell known as the Electronic Staff Record) or via BACS to get people paid. I never worked for any of the Trusts mentioned and haven't worked for the NHS for a while now but it doesn't make any sense. I'm not surprised someone's been suspended for it but from the report I read, it sounded like the disks have been lost somewhere in the internal mail of the hospital and not necessarily ever left the hospital premises. They're probably sitting in Medical Records somewhere with Caroline's records..

  7. It's not that this happens, it's that it keeps happening. Either procedures are not in place, or some spotty YTS kid is being trusted with highly sensitive data.

  8. One of the problems with all this data going missing is that it is always human failure that is to blame (disks in post, plans on a train, memory sticks going missing, records in a bin etc) and not the technology per se that is at fault. I think online health records are a great idea – am I alone in this? The massive programme to put electronic records together may be a bit of a monolith, but it's heading in the right direction as far as I am concerned.

  9. Sure it's a good idea, but do you trust the government/some foreign company/hospital managers/anyone in fact to look after it properly? Who's going to guard the data? Obviously a low paid security guy who wasn't smart enough for school. The security guy will have access to all the data, while your doctor will only have access to your medical records.

  10. lol, have you seen how the “paper data” is managed at the moment? The hospital I am working in has any number of Health Records stacked in corners of offices, under desks, etc, and I am sure this is not an isolated case. I am not surprised that any number of people are seen without their proper records (clinical risk, anyone?) when they are so randomly looked after. While I can see that there may be different risks involved with online records, I would welcome them being available, at the very least, when and where they are needed.

    As for security: if the interweb was such a terrible place for security, people wouldn't use it every day for purchases.

  11. It is human failure. However the technology is what enables the humans to fail to quite such an extent. For instance, leaving your briefcase on the train is nothing new and has happened for decades. It's only the technology that enables that briefcase to contain thousands and thousands and thousands and thousands and thousands of records where before it could have held about fifty. Humans are fallible. As such, no fallible human should be in a position where they CAN 'just lose' that amount of sensitive data. I don't want online health records. Not nationwide anyway. I could just about deal with, for instance, my GP surgery sharing a precis of vital and current details (medications, ongoing conditions, allergies and so on) with the nearest hospital on the basis that it's the A&E I'm likely to turn up at if I have a mishap.

    But a nationwide system – it'll be held together with duct tape and creaking at the sides. Think about the numbers.

    61 million patient records.

    1.3 million NHS employees all of whom need different degrees of access to different levels of those records (eg a secretary needs to see your address, your cardiac specialist needs to see your test results, your GP needs to see your entire medical history).

    Who knows how many “special cases”, royalty, the Cabinet and so on, who either won't be on it or will require another layer or two of security.

    Furthermore, compared to paper records, the risk/reward ratio shoots up. Paper records at your GP surgery, yeah, someone could break in, try and jimmy the filing cabinets before the police arrive, and abscond with an armful of files. You need a determined burglar to try that and he gets one shot at grabbing maybe a dozen files. Whereas online… any number of hackers will be swarming all over it from day one, some for profit and others just for fun. And as soon as one gets in – from a masked address, so no police swooping in for quite some time – they'll be able to copy and redistribute whatever they like, wherever they like. All the bonuses of online records, easy search, fast access, anyone from anywhere, suddenly these all become security hazards.

    How do you test a thing like that? Answer: you can't. You can only wallop it out there, hope for the best, and pray that you can afford a massive team of top-end specialists to try and fix the vulnerabilities as the hackers, not to mention the 1.3 million brand-new ooh-this-is-a-new-system I'm-not-sure-how-to-do-this-bit users, find or create them. Microsoft has that kind of money and resource. The NHS doesn't.

  12. So what you're saying is that NHS employees in the hospital where you're working have very little concept of how to properly look after sensitive data for the few thousand people they have files for. Their awareness of security and best practice is appalling and they don't give a rat's ass about confidentiality. Fair enough. I accept that. And you're saying you want to trust these same people, to have access to all 61 million UK medical records? To be able to print bits off, to be able to do a quick search for their friends/family/neighbours/etc? You're saying you trust these people to always log out of their computer when it's unattended? To use secure passwords and not put the password on a post-it note on the side of the monitor? To be immune to bribery and coercion?

    No. If it's all the same to you, I'll stick with a system where their screwups only risk a few files rather than ALL of them.

    I do shop online. Firstly, smaller systems, so security is much more realistic. Secondly, I have card protection so if my security is compromised, I don't lose out so long as I notice and have kept up my end of the deal (eg not taking stupid risks). Thirdly, I would much rather a criminal had my credit card details than my medical records. I can change my credit card.

  13. I think that your P.S. has hit the nail on the head… But seriously, internet travel, when properly encrypted and set up is *much* more secure than a 'password protected' DVD.

  14. It's very probable that my details are among those lost. Interestingly, I've had customs and excise on my back this last week for data that this trust have failed to send them about my NI contributions. Hmmm. I'm torn on the database. I can see why having information on your medical history, wherever you may be in the country, would be extremely useful. To use the “I'm pregnant” line again, I currently have to take my maternity notes all over the show with me, and being heavily pregnant and ultra forgetful, I do fear losing them. A centralised database would do away with the need for this..

    And surely it would be very useful for someone to know what medication a psychiatric patient, say, was on (or should have been on).

    It's a toughie.

  15. Thanks for the reply – always good to get a debate going :) Some misunderstandings..

    “..they don't give a rats ass about confidentiality” – actually, many people feel very strongly about it. After all, they have Health Records too. The fact is that it is not a management priority and therefore time isn't allocated to making it happen, so it's pretty awful. With a centrally managed system, it will become a priority.

    “…have access to all 61 million UK medical records?” – no, they have access to the records based on their role and based on having a 'legitimate relationship' with the patient. It is a myth that everyone can see everything. Even having those safeguards in place, there is an audit function which maps screens and keystrokes, so anyone even attempting to see something they possibly shouldn't will be open to audit and accountability.

    “…always log out when unattended” – People have their own log-in cards. These are treated as secure items, so staff put these into their machines when they are using them, and take them out when they leave their desks. It is a disciplinary offence to lose them. If they leave them at home they cannot work on the system. No temporary cards are issued, and certainly no temporary staff are given them. If anyone is caught having left their card in their PC while not at their desk, they have to account for their actions to the security manager.

    “…note on the side of their monitor” – Obviously this is a no-no, but having a post-it with their password on it on their monitor will not let anyone have access to their role because they need the card as well in order to log in.

    “…quick search on their family / friends” – again – role based access, legitimate relationships and keystroke / screen audits.

    “…Be immune to bribery and coercion” – I think we wouldn't have developed the wheel in the first place if we didn't do things because there are evil people out there. The potential for people to do nasty things has multiplied since the age of computers, so let's burn all the computers! hmmm.

    “…I do shop online”: Can you honestly say that the arguments for not having online health records you mention above mitigate the risks of shopping online? e.g. smaller systems – Barclays would beg to differ!
