NHS London orders data transfer review

News

  • 17 December 2007
DHI News Team
December 1, 2016

All deliveries of patient information in London have been halted, and the chief executive of NHS London has begun a review of data transfer arrangements after a CD containing details of 160,000 children was lost.

The encrypted CD containing names addresses and dates of birth was lost in transit from BT to St Leonard’s Hospital, Hackney in an incident that occurred on 14 November.

However, fears the CD could contain enough information to enable ID theft, or place children at risk, have been allayed thanks to BT and the NHS trust concerned – City and Hackney PCT – following NHS data protection procedures.

In line with Connecting for Health rules, the disk was protected using 256k encryption and sent by secure courier by BT to St Leonard’s Hospital IT dept. It was signed for by hospital staff but never reached the person in the IT department it was destined for.

BT, the local service provider for NHS IT in London, told E-Health Insider that because the disk failed to reach its destination, the pass phrase key needed to de-crypt the disk was not issued.

A BT spokesperson said that the disk had not been located. “In this instance the encryption pass phrase would only have been released after one of two named individuals confirmed receipt. This was not confirmed so the encryption pass phrase has not been issued.”

The spokesperson said that BT has “cleansed the data” and was returning it to the PCT.

Asked why the data was sent on disk, rather than the secure NHS N3 data network provided by BT, the spokesperson said the trust had requested it be sent by disk. “The transport mechanism depends on what is the most convenient for the trust.”

Speaking to the Evening Standard Ruth Carnall, chief executive of NHS London, said: "We take any breach of security very seriously”.

She said that with the strong encryption and password protection the risk of unauthorised persons viewing the data “is negligible”.

Carnall added: “I have asked for an independent review of all NHS data transfer in London and procedures are in place to stop this from happening again."

Subscribe To Our Newsletters

Find out more

Subscribe to our newsletter

Subscribe To Our Newsletter

Prev News

New blood tracking system used across Europe

Next News

Barking Havering and Redbridge choose Euroking

Related News

UK Biobank to get access to GP patient data for research
AI and Data February 17, 2026

UK Biobank to get access to GP patient data for research

The government will grant approval for UK Biobank researchers to access coded GP patient data for research purposes.
UCP supports joined-up care for thousands more Londoners
Integrated Care January 30, 2026

UCP supports joined-up care for thousands more Londoners

One year on from the expansion of the Universal Care Plan (UCP), thousands more Londoners are benefitting from more joined-up care.
Why the NHS needs a unified approach to cyber security
Opinion October 30, 2025

Why the NHS needs a unified approach to cyber security

We need a shift in how cyber security is perceived, writes Dr Mick Quinn, consultant physician and member of BT’s clinical advisory board