Backup and Storage

Healthcare trust loses details of more than 600 patients

Misplaced USB keys held the records of the trust’s maternity patients

A south London healthcare trust revealed it had lost the details of more than 600 of its maternity patients after an employee misplaced two unencrypted memory sticks that contained their information, the Guardian has reported.

The member of staff in question had been planning to use the records that they had transferred onto a personal USB key to work from home, and it was their failure to properly guard the files that led to the disappearance.

As the memory sticks were not encrypted and no security measures were in place to protect the information stored on them, the details would have been readily available to anyone who stumbled across the lost devices.

With two further data breaches that involved paper files also being revealed, there appears to have been an issue regarding the security of information stored both electronically and physically by the trust.

Properly storing patients’ files and adequately protecting their records is vital to boosting confidence among the public in terms of the security of their details, so the trust has since agreed to encrypt the data it stores on mobile and portable devices such as laptops and USB keys in the future.

A secure online backup service could be one of the answers to the trust’s problems as this would enhance the protection of their data, while secure document storage could also have the same effect in preventing the exposure of paper files.

Properly training employees in the need for safe practices when handling patients’ details can also assist in promoting the need for efficiency and preventing files being clumsily misplaced, and this is another measure that the trust has also agreed to adopt.

Given that the two lost memory sticks have now been recovered, there appears to be no further risk to those whose information was exposed, yet the event reveals the need for proper management of records storage as well as adequate training to prevent human error when processing people’s personal details.