A member of staff at a NHS Forth Valley secure mental health unit has been suspended over the apparent loss of a USB stick containing patient's medical records.
According to local newspaper reports, the USB stick - which contained contained the criminal histories of violent patients at the Tryst Park unit at Bellsdyke Hospital, as well as some staff employment records - was found by a 12-year-old boy at an Asda supermarket in nearby Stenhousemuir.
The case may be referred to the regional office of the ICO (Information Commissioners Office) in Edinburgh for investigation since it involves a the loss of medical records.
Sean Glynn, product manager with data security specialist Credant Technologies said, "The case is the latest in what has become a long history of NHS data losses that David Smith, the ICO's deputy commissioner, directly referred to in his keynote speech at the Infosecurity Europe show last week."
Smith had singled out the NHS for criticism on the volume of its data breaches and losses, noting that the health agency is responsible for one third of data breaches.
The ICO takes action involving large-scale breaches where there is potential harm to individuals. Glynn reckons this is such a case, as the Tryst Park facility provides long-term care for adults with severe mental health problems.
"It's interesting to note that the first four months of last year were a poor time for NHS data security when it was reported that the health service suffered 140 security breaches in that period," he said. "The fact that the Information Commissioner took action against 14 health trusts in the six months to April 2009, highlights the urgent need for encryption of payroll, human resource and medical records of all types," he added.
According to Glynn, the ongoing migration of medical records in many health trusts to electronic format has not helped matters.
"If the NHS doesn't move quickly to fix its grass roots security processes, these data leaks will carry on happening," he added.