NHS Staff Posted Patient Information on Facebook

More than 800 data breach incidents counted over three years

NHS staff have been breaching the Data Protection Act (DPA) by posting confidential patient details and photographs on Facebook, a report has found.

This was one of the ways that patient medical records were compromised by staff at NHS trusts across the country between July 2008 and July 2011. There were at least 806 separate data breaches at 152 NHS trusts during the period.

The report from civil liberties campaigners Big Brother Watch, based on information gathered from Freedom of Information (FOI) Act requests, showed that there were 23 incidents of patient information being posted on social networking sites such as Facebook.

In one case, a medical employee at the Nottingham University Hospital NHS Trust posted a picture of a patient on Facebook, which led to their dismissal. This employee was one of 102 who were sacked after a data breach incident.

However, in many cases, staff were only disciplined internally. This was the only consequence for civilian employees at Pennine Acute Hospital NHS Trust who sent information via Facebook to a parent of a patient and posted sensitive information on the social network site, and for a medical employee at the Cheshire and Wirral Partnership NHS Foundation (Mental Health) who breached confidentiality using Facebook, for example.

Although 74 NHS trusts failed to respond to the FOI request, the data provided by the other trusts show that there were 129 incidents of NHS staff looking up the personal details of their colleagues or family members.

Twenty-four NHS Trusts reported 57 incidents of staff stealing, losing or leaving behind confidential medical information.

"This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected.

"As the Summary Care Record scheme is rolled out and an increasing number of people have access to private patient information, urgent action is needed to ensure that we can be sure our medical records are safe," said Nick Pickles, director of Big Brother Watch.

Earlier this month, Information Commissioner Christopher Graham said data breaches in the NHS continue to be "a major problem". Of the 47 undertakings the ICO has agreed with organisations that have breached the Data Protection Act since April, over 40 percent (19) were in the healthcare sector.

Copyright © 2011 IDG Communications, Inc.

How to choose a SIEM solution: 11 key features and considerations