25 May 2015 18:23

Twitter RSS Newsletter Send to a friend

South London has four data 'near misses'

13 April 2012   Chris Thorne

Employees at South London Healthcare NHS Trust have breached the Data Protection Act four times in the past year, on one occasion leaving sensitive patient data in a grocery store, according to the Information Commissioner’s Office.

The trust informed the ICO of the loss of two unencrypted memory sticks, of ward lists left in a grocery store, and a failure to adequately secure some patient paper files when they were not in use. Each incident involved the loss of sensitive patient data.

The first USB stick was lost after an employee downloaded data onto a personal, unencrypted device in order to do some work at home.

The employee, who had not received the latest information governance training, misplaced the device, resulting in the loss of data relating to around 600 maternity patients.

The second incident involved a memory stick that contained the names and dates of birth of 30 children and full audiology reports for a further three children.

An undertaking to improve data security in the future, signed by the trust, says: “both devices were later found and it is unlikely that they were readily accessible during the time they could not be located.”

The ICO also found that a junior doctor was in breach of trust policy by taking ward lists containing the name, date of birth, diagnosis, treatment plan and test results for 122 patients out of the hospital, subsequently leaving them in a grocery store.

In the final incident, South London reported that some genito-urinary clinic outpatient files were not being locked away when not in use. However they were being stored in areas with secure access controls.

The ICO decided against exercising his powers to serve an enforcement notice under section 40 of the DPA after “remedial action” was taken by the trust.

A spokesperson for South London Healthcare told eHealth Insider: "The trust has implemented a range of measures to ensure that the incidents which took place last year do not happen again.


“These include ensuring all that all USB sticks issued by the trust are encrypted and that computers at the trust will only accept encrypted USB sticks.

“This means that if a USB stick is inadvertently left unattended, the contents on the stick will not be accessible to members of the public. Also the trust continues to focus on improving information governance training levels for all staff."

Board papers from a public meeting held on 25 January report the incidents as “near misses.”


EHI Intelligence Profile
EHI Intelligence

  • Trust:  secure content

Related Articles:

1 News: NHS staff breach patient data daily | 28 October 2011
4 News: ICO acts on NHS info governance | 7 September 2011
13 News: NHS tops ICO list of data breaches | 1 June 2010
Last updated: 13 April 2012 15:51

© 2012 EHealth Media.


About us | Advertise | Terms and conditions | Community and comment rules | Privacy policy | Cookie policy | Contact us
Digital Health Intelligence Limited
Digital Health is managed and maintained by Digital Health Intelligence Limited © 2015
Registered Office: Southbank House, Black Prince Road, London SE1 7SJ
Registered No. 9257440 | Vat No. 198 3531 71