Security alert over NHS data breach

Nov 11 2010 By Alison Dayani

Jonathan Tringham, Director of Resources at NHS Birmingham East and North, confirmed an investigation was under way and said: “This incident concerned staff access only and not access by the general public or other external bodies.

“This has been reported to the Information Commissioner and a review of all IT files and permissions has been launched.

“Documents with patient identifiable data were potentially available to staff across the three trusts. At no point were patient records accessed inappropriately. Measures exist to ensure staff are aware of and comply with all policies and legislation on confidentiality and data protection.

“We are currently working through our plans and the cost of rectifying the issue is being assessed. We anticipate much of the work will be done without extra cost to the PCTs.

“The contract of the Interim Director of the Birmingham Primary Care Shared Services Agency has come to an end.”

He added: “Staff are given access to documents and files based on their roles and we have undergone a wide-scale review of file permissions to ensure that they remain appropriate.

“The PCTs take any information security incidents very seriously and are committed to ensuring IT networks and patient data are secure.”

This latest incident comes after the Information Commissioner’s Office gave Birmingham Children’s Hospital an official warning in July after videos and medical notes of 17 sick children ended up in the hands of criminals who stole two laptops with unencrypted information.