Paper medical notes and those stored on computer both suffer security problems. Photograph: Corbis
Norfolk and Norwich hospital has become the latest organisation to leak personal data after confidential health records of 55 patients were found in a residential wheelie bin.
The Eastern Daily Press reports that a 67-year-old woman in Bowthorpe, a suburb of Norwich a short distance north of the hospital, found notes including sensitive mental health details, with handwritten annotations and names and addresses. The hospital is launching an inquiry into how the records were dumped.
The North Norfolk MP, Norman Lamb, said: "This is a horrifying breach of security. It is so important that this information remains on site so patients are confident in the NHS. Some of the most personal and private information is on these records."This has to be treated as a zero tolerance policy with nobody being able to breach security arrangements again."
Alas, patient records going missing - in both paper and digital format - is nothing new. As recently as last week, Maidstone and Tunbridge Wells NHS trust lost a memory stick containing the medical records of cancer patients. And a computer decommissioned from Dudley hospital was recently sold on eBay with medical records still on the hard drive.
Another trend hospitals seem keen to join is offshoring transcribing medical reports. Last year, a trust came under fire from the union Unison for piloting a scheme where tapes would be written up in Chennai, India. It claimed that errors would be made and jobs put at risk. The hospital? Norfolk and Norwich.
With this background of data meltdown in the public sector, David Nicholson, the NHS chief executive, has ordered all trusts to review their information security policies - keeping unencrypted information out of memory sticks, avoiding transferring huge amounts of patient records in bulk, and so on.
One would hope that the NHS's national programme for IT would in essence provide some greater data security - as the programme's departing chief executive, Richard Granger, has frequently commented, leaving huge trolleyfuls of confidential records lying around in hospital corridors is much less secure than putting them behind computer firewalls. Still, anecdotes abound of clinicians sharing passwords and access cards to health records and leaving computers logged in.
This is why computers aren't the solution and aren't the problem. Somebody chose to dump paper records in an anonymous bin, and another somebody neglected to securely wipe the hard drive. People, rather than the technology they use, are always going to be where the pipes burst.
