Britain's toothless paragon of digital virtue, the Information Commissioner's Office, has warned the National Health Service to clean up its act when it comes to protecting patient data.
Having recently slapped another five health organisations for breaches to the Data Protection Act, Information Commissioner Christopher Graham has fired a very public warning shot at the NHS.
In a statement released today he said, "The health service holds some of the most sensitive personal information of any sector in the UK. Millions of records are constantly being accessed and we appreciate that there will be occasions where human error occurs. But recent incidents such as the loss of laptops at NHS North Central London - which we are currently investigating - suggest that the security of data remains a systemic problem."
Graham, who heads the government-funded digital watchdog continued: "The policies and procedures may already be in place but the fact is that they are not being followed on the ground. Health workers wouldn’t dream of discussing patient information openly with friends and yet they continue to put information on unencrypted memory sticks or fax it to the wrong number.
"The sector needs to bring about a culture change so that staff give more consideration to how they store and disclose data. Complying with the law needn’t be a day-to-day burden if effective measures are built in and then become second nature."
Recent gaffes by NHS staff include an Ipswich Hospital staff member who lost 29 patient records after taking them home to update them; A Durham medical practice which faxed surgical discharge letters to the wrong numbers, and similar cock-ups perpetrated by the East Midlands Ambulance Service NHS Trust, Lancashire Teaching Hospitals NHS Foundation Trust and Basildon and Thurrock NHS Trust.
The ICO has provided guidelines for health organisations explaining their obligations when it comes to protecting patient data but it seems that some health workers are too busy treating patients to read them.