Survey exposes unsafe security practice

  • 7 March 2005

Measures taken by doctors to safeguard confidentiality, especially electronic records, are severely deficient and fuel the concerns of those trusted to police data security, say the authors of a letter to the British Medical Journal.


The signatories to the letter draw their conclusions from a survey of 32 surgical trainees invited to complete a questionnaire about their Data Protection Act registration and electronic data confidentiality practices.


They report: “Of 29 responders, 26 trainees regularly computerised and stored patients’ data. One person was registered with the Data Protection Act. Only three of 14 desktops, eight of 19 laptops, and three of 14 handheld computers forced a password logon. Sixteen of 29 trainees used the same password for all machines, and 25 of 27 passwords were less than eight characters long.


“All desktops, 16 of 19 laptops, and five of 14 handhelds were routinely connected to the internet, and half of these had not had their online security settings adjusted. Of 29 trainees, 28 did not encrypt their sensitive data files. Ten trainees had sent patients’ data unencrypted over the internet, using a non-secure server.”


The signatories, Damian Mole, a research fellow in surgery at Queen University, Belfast, information technology manager, Colin Fox, and information technology and security manager, Giulio Napolitano, both from the Northern Ireland Cancer Registry, conclude that the confidentiality practices among the trainees are unsafe and speculate that their findings are unlikely to be confined to their group.


Medical IT security training has been started for the surgical trainees and the letter’s authors urge others to initiate similar programmes before a serious breach occurs.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Northern HSC Trust goes live with Clinisys Winpath

Northern HSC Trust goes live with Clinisys Winpath

Northern Health and Social Care Trust in Northern Ireland has gone live with Clinisys Winpath, the laboratory information management system.
Translation tech for patients trialled in Northern Ireland

Translation tech for patients trialled in Northern Ireland

Translation tech is improving communication between staff and non-English speaking patients in the Southern Trust area of Northern Ireland.
Campaign for digital mental health launches in Northern Ireland

Campaign for digital mental health launches in Northern Ireland

A campaign for digital adult mental health and wellbeing has been launched in Northern Ireland to offer self-help resources and tools.