An email sent by the NHS advice service mistakenly disclosed personal information about patients, although it did not leave the health service. The organisation's annual report for 2008-09 reveals that the information, including the names, addresses, NHS numbers, dates of birth and clinical data of about 100 patients, was …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 28th July 2009 16:02 GMT Anonymous Coward

A spreadsheet?

Oh, FFS.

0 0
Tuesday 28th July 2009 16:02 GMT Frank Bitterlich

The usual bollocks...

Quote: "NHS Direct takes data protection very seriously and we regularly review our processes and train our staff in order to ensure that we fulfil our responsibilities in this area." That's a lie. Proof:

"... this happened when a spreadsheet was emailed to three people in error."

a) "spreadsheet" + "emailed": FAIL.

b) "spreadsheet" + "emailed" + "to three people": Catastrophic FAIL.

c) "emailed" + "in error": Final, irrevocable proof that they...

- do NOT train their staff in any meaningful way

- do NOT take data protection seriously

- do NOT fulfill their responsibilities in this area.

End result: Complete, utter, FAIL.

0 0
Tuesday 28th July 2009 21:36 GMT Martin 6

@The usual bollocks.

You missed the bit where the spreadsheet was a photo of a screendump printed out and placed on a wooden table before being pasted into a spreadsheet.

0 0
Tuesday 28th July 2009 21:36 GMT Jon 48

Jon

Hardly a major failure. The information didn't leave the NHS so everyone who saw it would already be bound by patient confidentiality rules. Every company I've ever worked for has used spreadsheets for emailing information, at least the NHS is acting responsibly by holding its hands up and admitting it.

0 0
Tuesday 28th July 2009 21:36 GMT Anonymous Coward

Why not

Just give the whole lot to Google to look after --- and make it publicly available.

We might just as well google for each other's personal details as find them on park benches and the back seats of cars.

0 0
Wednesday 29th July 2009 09:18 GMT Anonymous Coward

Patient confidentiality

isn't between the patient and ALL of the NHS. So data ending up with the wrong employees is a breach of that confidentiality. At least they're owning up to it but still they're not exactly showing trust-inspiring levels of competence.

0 0
Wednesday 29th July 2009 09:25 GMT Dale Richards

@Jon 48

-- "The information didn't leave the NHS"

This isn't guaranteed. The spreadsheet was emailed to "another part of the health service" - depending on their definitions, it's entirely possible that the email in question travelled over the Internet, and could therefore have been intercepted at any one of a number of points along the way...

0 0
Wednesday 29th July 2009 10:20 GMT Dr Patrick J R Harkin

@Dale Richards

If it was emailed, it *should* have gone over NHSNet (which has been renamed, but I can't remember what to, N3 I think) which has a separate encrypted backbone and shouldn't end up going through any unapproved ISP's.

0 0
Wednesday 29th July 2009 15:16 GMT Jon 66

@Dr Patrick J R Harkin

I should imagine you are correct that any NHS email address would have been routed over N3.

Glad to know that our data is completely safe as surely no employee in their right mind would have the gall to put an internet email address into the CC field....

0 0
Monday 3rd August 2009 08:47 GMT William saywell

@Jon66

In this case you are probably correct, as the sender and recipient would almost certainly have been using NHS mail which is secure end-to-end between nhs mail addresses [@nhs.net].

However, the principle doesn't hold generally, as [unlike social services and MoD] there are many parts of the nhs that use @nhs.uk addresses, which are not secure outwith their own organisation, and so are inappropriate for sending patient data to other domains [including other @nhs.uk and @nhs.net adressees], as this traffic would be routed over the internet.

William.

0 0