All deliveries of patient information in London have been halted, and the chief executive of NHS London has begun a review of data transfer arrangements after a CD containing details of 160,000 children was lost.
The encrypted CD containing names addresses and dates of birth was lost in transit from BT to St Leonard’s Hospital, Hackney in an incident that occurred on 14 November.
However, fears the CD could contain enough information to enable ID theft, or place children at risk, have been allayed thanks to BT and the NHS trust concerned – City and Hackney PCT – following NHS data protection procedures.
In line with Connecting for Health rules, the disk was protected using 256k encryption and sent by secure courier by BT to St Leonard’s Hospital IT dept. It was signed for by hospital staff but never reached the person in the IT department it was destined for.
BT, the local service provider for NHS IT in London, told E-Health Insider that because the disk failed to reach its destination, the pass phrase key needed to de-crypt the disk was not issued.
A BT spokesperson said that the disk had not been located. “In this instance the encryption pass phrase would only have been released after one of two named individuals confirmed receipt. This was not confirmed so the encryption pass phrase has not been issued.”
The spokesperson said that BT has “cleansed the data” and was returning it to the PCT.
Asked why the data was sent on disk, rather than the secure NHS N3 data network provided by BT, the spokesperson said the trust had requested it be sent by disk. “The transport mechanism depends on what is the most convenient for the trust.”
Speaking to the Evening Standard Ruth Carnall, chief executive of NHS London, said: "We take any breach of security very seriously”.
She said that with the strong encryption and password protection the risk of unauthorised persons viewing the data “is negligible”.
Carnall added: “I have asked for an independent review of all NHS data transfer in London and procedures are in place to stop this from happening again."