Im not sure how most trusts work, but ours use an entire drive encryption technology. users have to log in with a username and password before getting anywhere near windows. Taking the drives out of the laptop and putting into another laptop to extract data would be friutless. The entireity of the drive is encrypted. It takes away the need for doctors and staff to encrypt valuable data. Why isnt this practise used everywhere? Using Citrix to publish word if patient letters are created? Surely if your not making adequate attempts to protect patient information you shouldnt be working for the NHS and your probably in breach of Caldocott.