NHS Lothian implements USB stick lock-down

  • 9 September 2008

NHS Lothian is taking further action to prevent staff losing data on USB sticks, after a community health worker lost the personal details of 137 patients on a memory stick at the end of June.

Since the loss of the memory stick, which held letters to central Edinburgh GPs, the trust has run a USB stick amnesty and a data security information campaign that has included putting leaflets about its data security policies into staff payslips.

It has also bought a “technological” solution that will give the trust far more control over which staff can carry data on memory sticks and what data they can carry.

Martin Egan, director of e-health, said: “The leaflets we are sending out set out once and for all our policies and processes. We are putting them in pay slips to make sure they reach all staff.

“We have put the message out before, but internal surveys suggest that some staff are ignoring it – so we felt we needed a technical solution as well. That is why we are implementing the USB lock down.

“It will mean that no USB stick can be written to unless it is a bona-fide, NHS Lothian USB stick, and the information is encrypted.” People will be able to read from USB sticks if they need to do this for presentations and projects.

NHS Lothian has bought Lumension Security’s Sanctuary Device Control for the lock-down. Mr Egan said a key factor was that this enables encryption without the user needing administrator rights on their PC. “We do not give those out more than we have to, because that is a security risk in itself,” he said.

The new controls will be linked to the trust’s Active Directory, so it can deploy them on a named individual basis. Mr Egan said it was still collecting old USB sticks and issuing new ones.

“We have purchased 4,000 new USB sticks, which we think will be enough,” he said. “But one of the principles of the new policy is that these will be issued carefully.

“If you are going to hold patient identifiable information on a data stick, you will need explicit permission from the Caldicott Guardian to do it. If you are going to carry day to day corporate data, you will need to have signed all the relevant policies.”

Mr Egan told E-Health Insider he felt the new solution would put the trust back in control of its data. “I feel that using this tool puts me in control,” he said. “Before, we just had to hope that our staff would be doing the right thing and following our policies. Now, we know whether they are doing that.”

NHS Lothian has also bought an encryption solution for its laptops and is “on course” to have them all encrypted by the government deadline of March next year.

 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Funding announced to boost development of health tech for cancer

Funding announced to boost development of health tech for cancer

New medical technologies to diagnose cancer, such as scanners and AI models, will be trialled in the UK following new government funding.
Trial will allow women to book breast diagnostic clinics via NHS App

Trial will allow women to book breast diagnostic clinics via NHS App

Women in Somerset with breast lumps will be directly referred to a breast diagnostic clinic via the NHS App under a pilot scheme.
Share of £32m AI funding to speed up prescription deliveries

Share of £32m AI funding to speed up prescription deliveries

A project to speed up NHS prescription deliveries using AI algorithms is to receive a share of £32 million in UK government funding.