UK health walloped for sick security culture

The UKrsquo;s Information Commissioner has ordered the National Health Service to tighten its grip on security, fearing that data protection is a ldquo;systemic problemrdquo; for its organisations.
Five health NHS organisations have signed recent data security undertakings in response to potential privacy breaches this year caused by staff losing patient records, faxing medical reports to the wrong number, and losing laptops.
Recent incidents such as the loss of laptops at NHS North Central London - which we are currently investigating - suggest that the security of data remains a systemic problem,said Information Commissioner Christopher Graham.
Staff across the nation were accessing millions of records, and there would be occasional human error, but Graham feared the health servicersquo;s underlying culture could be placing patient data at unnecessary risk.
While the NHS had data security policies in place, staff simply were not following them, suggesting there was a culture that did not prioritise data security.
ldquo;Health workers wouldnrsquo;t dream of discussing patient information openly with friends and yet they continue to put information on unencrypted memory sticks or fax it to the wrong number,rdquo; he said.
The health sector needed a ldquo;cultural changerdquo; which encouraged staff to think about how data is stored and disclosed.
The Ipswich Hospital NHS Trust, which misplaced 29 patient records when an employee took them home, has introduced compulsory data protection training for relevant staff.
Two health organisations and an NHS ambulance service have signed undertakings for faxing medical records to the wrong number. One of them, the Dunelm Medical Practice has since programmed its fax machine with numbers for regional branches to avoid a repeat, restricted faxes to exceptional cases and sends ldquo;Electronic Discharge Lettersrdquo; by secure email.

Copyright © 2011 IDG Communications, Inc.

The 10 most powerful cybersecurity companies