Mental health data stolen from NHS trust

Data not properly protected by NHS authorities

encryption device

An NHS trust has lost data relating to 1,000 occupational therapy patients and staff members, according to the Information Commissioner's Office.

Great Yarmouth and Waveney Primary Care Trust (PCT) informed the ICO of the theft of two desktop computers containing sensitive personal data including information about people’s physical or mental health and trade union membership.

The premises did not have an intruder alarm system, the internal office doors did not have security locks and the computers were not protected with any form of encryption software.

Six desktop computers holding personal data relating to 2270 patients were also stolen from Gloucestershire PCT.

The computers were used by medical secretaries for preparing letters and notes relating to diagnosis and referral of patients.

Although the computers were password-protected and held in a locked office, the ICO said patient data should have been held on a local server, rather than on the hard drives of the stolen computers.

Formal Undertakings have now been signed by both trusts committing them to take a number of steps to ensure that personal data is processed in compliance with the Data Protection Act.

"Both of these cases have put thousands of patients’ sensitive personal information at risk," said Mick Gorrill, assistant information commissioner at the ICO. "Personal information is valuable and keeping it safe and secure should be at the heart of good corporate governance. I am pleased these PCTs have taken steps to ensure patient data does not fall into the wrong hands."