NHS breaches data laws 'six times a day'

Privacy watchdog calls for tougher punishments after finding patient confidentiality breached by NHS more than 7,000 times in three years

A survey of NHS trusts across Britain by a privacy campaign group found there had been more than 7,000 breaches of data protection rules in three years

Confidential patient records are being lost and inappropriately shared by the NHS an average of six times a day, according to new research.

A survey of NHS trusts across Britain by a privacy campaign group found there had been 7,255 breaches of data protection rules in three years, including at least 50 cases of information being posted on social media.

There were also at least 143 cases when patients’ private records were accessed in appropriately by NHS staff for “personal reasons”.

Big Brother Watch, the civil liberties and privacy group which obtained the details using freedom of information laws, said penalties need to be toughened to force the NHS to improve.

The group said the situation appeared to have “worsened” since the last time it carried out similar research in 2011. However, it was impossible to draw a direct comparison between the new report and the previous study.

Emma Carr, director of Big Brother Watch, said: “The information held in medical records is of huge personal significance and for details to be wrongly disclosed, maliciously accessed or lost is completely unacceptable.
“With an increasing number of people having access to patients’ information, the threat of data breaches will only get worse.
“Urgent action is therefore needed to ensure that medical records are kept safe and the worst data breaches are taken seriously.”
She added: “If the government wants to introduce new schemes which will make the public’s data more accessible, then this must go hand in hand with greater penalties for those who abuse that access. This should include the threat of jail time and a criminal record.”
The largest number of incidents was at South West Yorkshire Partnership NHS Foundation Trust (Mental Health), with 869 breaches.
It was followed by two other trusts, each with more than 500 breaches – Taunton and Somerset NHS Foundation Trust and Cambridge University Hospitals NHS Foundation Trust.
Examples of breaches highlighted in the report included confidential details being sent to the wrong patient, medical files being left unguarded on a trolley, medical staff dropping patient notes in a public place, electronic devices being disposed of without their contents being wiped and patient details being faxed to a private company by mistake.