Lib Dems demand tougher data protection

The Liberal Democrats are calling on the Department of Health to publish minimum standards for the protection of data on mobile devices after compiling research on more than 150 cases of data loss in the NHS.

The party used the Freedom of Information Act to ask strategic health authorities about ‘serious untoward incidents’ involving data loss.

It discovered a huge range of incidents that have occurred since 2006, including the theft of an entire GP practice system, the loss or theft of almost 30 laptops and the loss of back-up tapes in the post. Many of the incidents related to the loss of data held on paper-based systems.

Norman Lamb, Liberal Democrat shadow health spokesperson, has written to health secretary Alan Johnson urging him to accept five priorities to stem the loss of confidential data.

In addition to the call for minimum standards, the Liberal Democrats want the DH to introduce a general principle that patient records should not be stored on mobile devices. The party also wants strict rules to control the copying of data.

“Any exceptions must be authorised after a risk assessment and only where it is unavoidable for the completion of work duties and the provision of care,” it adds.

The party is also calling on lapses in standards of care to be regarded as potential serious misconduct and wants the government to abandon its plans for a national patient database.

Lamb said: “Patients have a right to expect their personal information will be treated with the utmost care. We already know from the Information Commissioner that the NHS is among the worst offenders for data loss, reporting as many incidents as the entire private sector. There must be a fundamental re-examination of how the NHS deals with personal data.”

A spokesperson for the DH said the NHS locally had legal responsibility to comply with data protection rules.

He added: “They are expected to take data loss extremely seriously, be open about incidents and about the action taken as a result. David Nicholson, chief executive of the NHS, has written to all senior health managers reminding them of their responsibilities following the level of public concern in the wake of data losses."

Other incidents revealed by the FoI requests include two cases of memory sticks containing patient data being lost or stolen within a few days of each other in London in June this year, the loss of a video tape containing video consultations in NHS West Midlands and the theft of a PC containing patient information in NHS North East.

However, an E-Health Insider survey published last week suggested that NHS organisations have tightened up their policies on mobile device security in response to the recent spate of data breaches from the public sector.