The number of data breaches in the NHS has increased in the last year, despite a previous call by the Information Commissioner for the service to tackle security breaches.
There were 140 data breaches from November 2007 to April 2009, prompting a written warning from the information commissioner to the permanent secretary of the Department of Health, Hugh Taylor.
However, according to figures published by the Information Commissioner’s Office (ICO) on 28 May, there were 167 data breaches over the year to May 2010, bringing the total number of NHS data breaches from November 2007 to May 2010 to 307. While the ICO identified an average of 7.7 NHS breaches per month between November 2007 and April 2009, in the year to May 2010 the average rate nearly doubled to 13.9.
Much of the increase was due to a rise in theft of data. In February 2009 the number since November 2007 was 44, while by May 2010 this had increased to 116 data thefts.
Another significant concern is the amount of data the NHS discloses in error. There were 16 cases from January to May of this year alone, bringing the total overall figure of breaches caused by mistaken disclosure to 43.
Last June, the deputy information commissioner said of data losses: “No public body can afford to take risks with sensitive personal details, least of all health records.”
He added: “The ICO welcomes the fact some breaches are being discovered because of the improved checks and audits that result from taking data security more seriously, including encrypting laptops and staff training. However there is still more to be done.”
Data was also provided by the ICO for local government, central government, other public sector, third sector and the private sector; no other data sets showed the significant increase seen in the NHS.