Poor security in NHS portable data storage, says survey

28 June 2006

A survey into the use of portable storage devices by NHS professionals and suppliers has revealed that half of those interviewed use their own devices to store data and 20% of the devices used are left unencrypted with no password protection.

A total of 40% of clinicians and IT managers said that they used passwords with no second method of encryption. The most popular mobile data storage device was a USB stick (76%), with 51% using PDAs and only 2% storing data on phones.

Out of those who used mobile devices to store patient records, variable security was reported, with the majority using a single password and a small number with no security at all. 57% said they were worried that patient confidentiality would be breached if their devices fell into the wrong hands.

One response from a clinician who carried patient records was: "My patients couldn’t afford to pay for blackmail, and they probably wouldn’t care if others knew."

Martin Allen, managing director of Pointsec Mobile Technologies, which carried out the survey with the British Journal of Healthcare Computing and Information Management, said: "There is much documented evidence of patients who are worried about the safe-keeping of electronic medical records, but this survey shows the medical sector themselves are worried about medical information being held on mobile devices which are not secured by their NHS trust."

The technology firm argues that holding data on personal devices is a failure of security policy, and points out that while 80% of those surveyed said their organisations had security policies in place, the survey’s responses clearly show that the policy was not always followed.

"It will only be a matter of time before these weaknesses are exploited as it is very easy to steal or pick up a mobile device and access the information," added Allen.

A quarter of those surveyed had lost a mobile device in transit. Half had found them again, but anecdotal evidence suggested that disciplinary action had been taken in a couple of cases.

"Our advice is that any NHS trust or organisation downloading sensitive or patient records should automatically encrypt the information," said Allen.
