Between July 2011 and July 2012, the United Kingdom's National Health Service experienced several data breaches that exposed nearly 1.8 million patient records, according to a Daily Mail investigation.
For the investigation, the Daily Mail examined data breach reports that the U.K. Information Commissioner's Office filed under the country's Data Protection Act during the 12 months following July 2011. The figures include breaches that occurred in England, Wales and Northern Ireland.
During that time period, the Daily Mail found that 1,779,597 patient records were exposed in 16 major data breach incidents involving NHS organizations.
Types of Breaches
Some of the breaches included:
- An NHS Trust faxing medical records on terminally ill patients to the wrong number (Doyle, Daily Mail, 10/29);
- Electronic health records being sold on an Internet auction site;
- Patient health records being stolen and posted on the Internet; and
- Unsecured laptops being stolen from NHS staff members' homes.
Response to Breaches
Patient privacy advocates have expressed concern about the data breaches, saying that the NHS needs stronger security protocols (London Telegraph, 10/29).
During the last six months, U.K. Information Commissioner Christopher Graham has levied fines totaling nearly £1 million -- or about $1.6 million -- on NHS organizations over data breach incidents.
To improve its response to such incidents, the Information Commissioner's Office is requesting new powers to conduct mandatory audits of hospitals and NHS trusts (Daily Mail, 10/29).