Mass privacy breaches plague National Health Trusts – report
During the three-year investigation, it was discovered there were 7,255 recorded incidents of confidentiality breaches, the equivalent of six breaches a day.
The information, obtained by campaign group Big Brother Watch through Freedom of Information requests, found at least 236 instances of private patient data being shared inappropriately by email, letter or fax.
They further discovered 50 incidents of data being posted on social media, and data disclosed unnecessarily to third parties, over 250 times.
In the report, Big Brother Watch called the breaches “unacceptable,” saying the information held by the NHS “is amongst the most personal and private information that it’s possible to record.”
“If patients have any reason to think that their data isn’t safe within the NHS, then it could lead to a situation whereby people stop reporting symptoms or asking for the necessary help,” they added.
As a result of the failures there have been at least 61 resignations during the course of disciplinary action, with one court case still pending.
South West Yorkshire Partnership NHS Foundation Trust was found to have the least secure patient confidentiality, with 869 cases of inappropriate data sharing between 2011 and 2014.
The investigation further revealed that the Taunton and Somerset NHS Foundation Trust breached patient confidentiality 546 times.
Other trusts to feature in the five least secure trusts included Cambridge University Hospitals NHS Foundation Trust, Northamptonshire Healthcare NHS Trust (Mental Health), and Bradford District Care.
Director of Big Brother Watch, Emma Carr, condemned the leaks, saying “The information held in medical records is of huge personal significance and for details to be wrongly disclosed, maliciously accessed or lost is completely unacceptable.”
As well as monitoring the numbers of privacy leaks, the report makes suggestions for the NHS to improve their patient confidentiality security.
The report claims the Data Protection Act 1998 (DPA) needs to be reformed in order to reduce privacy breaches. It argues that disclosing information should be a criminal offence carrying custodial sentences for the worst offenders.
Carr added that “urgent” action was required to tackle confidentiality breaches.
“If the government wants to introduce new schemes, which will make the public’s data more accessible, then this must go hand in hand with greater penalties for those who abuse that access.”
“This should include the threat of jail time and a criminal record,” she added.
The investigation comes after it was revealed in June that the data of thousands of NHS ambulance staff had been accidentally published online.
South Central Ambulance Service, which was responsible for the leak, published the age, sex and religion of 3,000 staff members.