PCT in Hastings criticised after patient data stolen

Health chiefs have been criticised by a government watchdog after a computer containing 'sensitive' data on patients was stolen.

The Information Commissioner's Office criticised Hastings and Rother Primary Care Trust (PCT) after the machine was taken last September.

It said the trust's security measures were inadequate after the data was stolen from one of the organisation's buildings.

Hide Ad
Hide Ad

The PCT has been required to sign a formal undertaking to improve its procedures for protecting data.

It is not known when in September, or where, the computer was taken from but it is believed the thief entered a building by climbing scaffolding.

The Information Commissioner's Office said the data controller had previously expressed concern about the lack of physical security at the building.

Mick Gorrill, assistant information commissioner, said: "The stolen computer contained sensitive health information on patients.

Hide Ad
Hide Ad

"The PCT should handle all personal information, particularly sensitive details, in compliance with the Data Protection Act.

"I am increasingly concerned about the way some NHS organisations are failing to securely hold people's health and personal information.

"Organisations must implement appropriate safeguards to ensure personal details about patients are processed securely."

The office said it was the eighth time since November that it had to take action against the NHS for losing data.

Hide Ad
Hide Ad

A spokesman for Hastings and Rother PCT said: "We take the security of confidential patient information very seriously.

"The Information Commissioner's Office has welcomed the steps we have taken in the wake of this incident to ensure there is no repeat.

"Even though the building which the computer in question was stolen from is not owned by ourselves, we are now carrying out a review of security at all our buildings to ensure that they are fully protected.

"We have a long established staff education programme around data security in place to ensure that everyone within the organisation is aware of their duties and responsibilities in safeguarding patient information.

"We have also recently completed the encryption of all our laptop computers."

Related topics: