The National Health Service (NHS): the provider of the nation’s healthcare that we put our trust and confidence in to look after us and care for our bodies and minds. In that trust, we usually give them unlimited access to our medical records.
Within those medical records, the NHS know all about our bumps, scrapes, embarrassing ailments and our most guarded mental health issues. They are a target for hackers and are leading the leagues when it comes to the highest number of breaches, which is very worrying. A lot of it is down to inadequate systems and procedures, but for the victims, it can become a life-changing event.
Under the Data Protection Act of 1998, all authorities, companies and persons must protect the personal information they hold. There is a legal duty for us all to look after and use personal information in a safe and secure way.
Most notable is s55 where no one can illegally obtain and/or disclose personal information.
As a nationwide public service provider, we expect the NHS to prioritise the safety of the sensitive material they deal with on a day-to-day basis; adhering to all relevant legal rules and regulations. You would expect that this is a part of the very basics of their training.
Sadly, however, the NHS often find themselves at the centre of leaks, breaches and hacks, and they are the worst offender for data breaches within these shores according to research.
Some of the most infamous NHS data breaches include:
| Blackpool Teaching Hospital, NHS trust. The hospital was fined £185,000.00 when the information for 6,574 former and current staff members was leaked. An equality and diversity document was accidentally uploaded online. |
| South Central Ambulance Service leaked an equality and diversity document online as well, which included personal information of all of their staff: 2,826 people. They didn’t even realise there had been a breach until the Information Commissioner’s Office (ICO) told them about it during their investigations. |
| 56 Dean Street found themselves in hot water in 2015 when they accidentally included the names and email addresses of almost 800 HIV patients in an e-newsletter. This simple error led to huge distress for many victims, and we have been representing a large number of those affected since news of the breach broke. |
| The ICO investigated a GP surgery manager who had accessed personal information on almost 2,000 patients. Most of these patients were women aged between 20 and 30. The GP was given a warning and issued a fine of £1,400.00.00. |
| Oxford Health NHS Foundation committed a terrible IT error when it uploaded 4,200 patient files online. The blunder was made worse when it then sent personal details of patients to the wrong patients. |
Thousands of NHS data breaches are reported each year – as many as six a day based on recent statistics. Breaches have been committed in all sorts of ways – staff posting patient information on social media; accessing data for personal reasons; losing data; sending the wrong emails to the wrong people etc; sending data to the wrong people; publishing data online; and so on.
Previous reports listed South West Yorkshire Partnership NHS Foundation Trust (mental health) to be the worst single offender with a total of 869 data breach incidents reported during a three-year period.
Mental health issues are naturally sensitive, and those with mental health issues already find it difficult and sometimes intimidating and / or hard to seek help.
A breach happening to a mental health patient could be far more disastrous.