NHS Loses Almost 10,000 Patient Records in a Year
New research from think tank Parliament Street has revealed that The National Health Service (NHS) has misplaced almost 10,000 records in the last year.
Parliament Street liaised with 68 NHS Trusts to examine levels of reported missing or lost patient records, compiling its findings into the report NHS Data Security: Protecting Patient Records.
The total number of misplaced records reported by the 68 trusts was 9,132, with just 16 of those claiming that they had not suffered any lost or stolen data in the last year. What’s more, many of the trusts admitted they still had data missing.
In terms of the individual trusts that fared the worst, the University Hospital Birmingham topped the list with 3,179 records missing or stolen, Bolton NHS Trust (2,163) in second place and University Hospital Bristol (1,105) in third.
Perhaps most surprisingly, the report also revealed that 94% of NHS Trusts continue to use handwritten notes for patient record keeping, something Parliament Street highlighted as a significant security risk.
“The process of developing patient records through handwritten notes may be convenient, but it inevitably leads to errors and potential security issues,” Parliament Street wrote.
“It is clear that paper-based systems are no longer fit for purpose and NHS Trusts should work towards implementing digital systems with records capture via tablet computers and mobile devices.”
Barry Scott, CTO EMEA at Centrify, said, “These incidents underline the need to improve security procedures around the management of health records within the NHS. With sales of health records on the dark web and identity fraud on the rise, the need to protect the privacy of patients whilst moving towards secure digital systems is both urgent and essential.”
The health service remains a top target for hackers, and whether their motive is to wreak havoc or steal identities, it’s critical that every single patient record is treated as a high priority by Health trusts, Scott added.
“Achieving this means ensuring only accredited doctors, nurses and staff can access private information, and providing encryption and identity access management solutions to keep cyber-criminals locked out.”
Source: Information Security Magazine