Data breaches in the health system

July 7, 2015 |

Notwithstanding the critical importance of privacy in the health there remains chronic problems with maintaining proper data security in the sector. The BBC story East Sussex NHS Trust apologies over data breach which reports that in the UK a USB stick containing personal information collected by the National Health Service which was found by a member of the public.   Meanwhile in New Zealand, according to Swift apology after mental health privacy breach, a mental health support group revealed the email addresses of hundreds of people with anxiety disorders.  Poor data management is at the core of both incidents.

The BB Story provides:

More than 3,000 patients have been sent a letter of apology by the NHS after a computer memory stick containing their personal information was found by a member of the public.

East Sussex NHS Trust said the stick had been left by a member of staff near a trust building.

The information was not password protected.

The trust said it took data security “extremely seriously” and the loss was an “isolated incident”.

‘Really disturbing’

Simon Keen, who was one of the patients whose data was on the stick, said: “They could have credit cards made, things could be purchased online – organised criminals pay a lot for this information.

“Yet the NHS is putting it on a computer stick and a member of the public is finding it in the street

“I find that really disturbing.”

The chief executive of East Sussex Healthcare NHS Trust, Darren Grayson, said the data stick belonged to a member of staff and was not compliant with trust policy.

“It was an isolated incident and the trust takes the security of patient’s personal information extremely seriously,” he said.

The New Zealand Story provides:

A mental health support group is “mortified” after accidentally sending out the email addresses of hundreds of people with anxiety disorders.

Christchurch woman Debbie Wilson said she received an email from Mental Health Advocacy and Peer Support (MHAPS) on Thursday and saw the addresses of the more than 200 recipients were visible.

The same thing had happened once before, Wilson said, and she complained about it at the time. She was angry the mistake had been repeated.

“I think that people should know that these things can happen,” she said.

MHAPS general manager Sue Ricketts confirmed the email had been mistakenly sent without hiding the recipients’ addresses.

She said the manager who sent the email was distraught. “We are absolutely mortified with this.”

Ricketts immediately apologised and thanked Wilson for alerting them to the mistake. The team would now have all bulk emails checked by a second person in an attempt to prevent a repeat error, she said.

The distribution list was for people who had signed up to hear about programmes such as relaxation classes run for people with mental health issues.

Wilson had signed up for the list but had never gone to any of the events because her “anxiety took over”.

She said it came “out of the blue” how upsetting she found the email slip up.
Ad Feedback

“I was in tears … I was thinking ‘It’s only an email’.”

That was part of the anxiety issues she faced, she said. Sometimes she did not know what would trigger an intense reaction.

“I barely even go out of the house unless I’m with somebody, I can’t do too much. I’m not saying everybody on the list is affected by it, but one’s enough.”

Ricketts said the manager would send an apology to all those on the mailing list and offered Wilson a personal apology.

One Response to “Data breaches in the health system”

  1. Data breaches in the health system | Australian Law Blogs

    […] Data breaches in the health system […]

Leave a Reply