home| T: 029 2038 5542| contact us| print page
Hospital warned after data protection breach

Hospital warned after data protection breach

20 Oct 2010

The Information Commissioner's Office (ICO) has ordered a hospital trust to improve security after a doctor left the records of 56 patients on the Tube.

The medic, from North West London Hospitals NHS Trust, was taking the printed documents home for audit work on May 27.

Transport for London staff recovered the paperwork, which included personal and diagnostic information about patients, after the doctor realised they were left on the train and alerted the station supervisor.

The doctor was found to have breached the Data Protection Act, while the trust, which informed the ICO of the breach, has signed an undertaking promising to ensure personal data is processed in accordance with the Data Protection Act.

It will employ "pseudonymisation techniques" to disguise personal details such as patient names in printouts.

It is not the first time North West London Hospitals NHS Trust has lost patient records.

It promised to improve data security after a desktop computer containing 180 patient details - including names, dates of birth and clinical information - was stolen from Northwick Park Hospital in north London in 2008.

Copyright © Press Association 2010


Heledd Lloyd-Jones who leads the Information Governance team at Morgan Cole comments:

Pseudonymisation is a process which involves the removal of identifying information from data but does so in such a way as to allow the data to be restored to an identifiable format when required. It differs from anonymisation, which is characterised by the irreversible removal of identifying data.

Pseudonymised data continues to be "personal data" for the purposes of the Data Protection Act because, in the words of section 1 DPA, it is data relating to an individual who can be identified from that data together with other data in the possession of the data controller. As such, pseudonymised data continues to be subject to the full requirements of th DPA, even though the identity of data subjects is not apparent from the data itself. This means that pseudonymised data must be used fairly and not for purposes that are incompatible with the purposes for which the data was originally acquired. Anonymised data which, after anonymisation, no longer satisfies the DPA's definition of personal data is not subject to such restrictions. The benefit of pseudonymisation techniques for data controllers is that the potential for breach of confidence or breach of individuals' privacy rights is considerably reduced where identifiable information is stripped from personal data. Furthermore the use of pseudonymisation can help organisations limit unnecessary internal access to identifiable data. In addition the data security obligations that apply to pseudonymised data are very much less onerous than the obligations that attach to fully identifiable data.  

NHS bodies are required as a matter of policy to achieve full implementation of pseudonymisation by March 2011 for non clinical secondary use of patient data; a suite of NHS guidance on pseudonymisation as been produced  by the NHS "Pseudonymisation Implementation Project" to assist health care providers at local level