Data privacy issues continue to plague the National Health Service (NHS), as a new report from privacy campaign group Big Brother Watch revealed the U.K. health organization has been involved in 806 separate incidents in which patient medical records were compromised in the last three years.
According to information obtained through the Freedom of Information Act, 152 NHS trusts were responsible for data breaches between July 2008 and July 2011. According to the report, the data breaches included 23 incidents of patient information, including pictures in some cases, being posted on social networks; 91 instances of an NHS staff member looking up information on colleagues; and 24 incidents of stolen or lost information, among others.
Of these 806 incidents, Big Brother Watch reported, only 102 have led to the dismissal of staff members.
A May 2011 study from certification firm GlobalSign found that 34 percent of surveyed healthcare professionals say their organizations have experienced data breaches within the last two years. Ten percent of respondents said they believe breaches that cost organizations $100,000 per incident occur each day.
Still, the NHS has been the subject of intense criticism regarding data protection and the privacy of patients. The Information Commissioner's Office (ICO), the U.K. government's data protection watchdog, has chastised the NHS on several occasions for its data security practices.
Most recently, the ICO reported that the University Hospitals Coventry & Warwickshire NHS Trust has lost patient information on two separate occasions. The first occurred in February, when a staff member took home treatment records relating to 18 patients and accidentally threw them away in a residential waste bin.
In May, sensitive patient records were allegedly discovered in a trash bin outside Coventry University Hospital. According to the ICO, a member of the public found the records, which included information about patient medical procedures and test results.
A statement from the ICO said the trust has been ordered to review its data protection policies and make the necessary adjustments to ensure that patient information is being adequately protected.
"Organizations across the health service must recognize that they hold some of the most sensitive personal data available and that it must never be disposed of in the same way as routine household waste," said ICO head of enforcement Sally Anne Poole.
However, data breaches continue to affect NHS organizations, and it is evident that many have not responded accordingly.
"This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected," said Big Brother Watch director Nick Pickles.
"As the summary care record scheme is rolled out and an increasing number of people have access to private patient information, urgent action is needed to ensure that we can be sure our medical records are safe," he added.
The ICO, for its part, has made several strong statements regarding the NHS and its data protection practices. In July, the watchdog issued a press release asserting that policies and procedures need to be followed more closely, and the sector needs to bring about a "culture of change" to ensure that patient information isn't exposed.
The ICO also recently advocated the introduction of custodial sentences for those involved in data breaches, asserting that fines for such incidents are not effective enough. Whether this practice will be implemented remains to be seen, but the ICO has argued that its powers should be expanded to curb the growing number of data breaches affecting the health and other industries.
Data Security News from SimplySecurity.com by Trend Micro