NHS London orders data transfer review

  • 17 December 2007

All deliveries of patient information in London have been halted, and the chief executive of NHS London has begun a review of data transfer arrangements after a CD containing details of 160,000 children was lost.

The encrypted CD containing names addresses and dates of birth was lost in transit from BT to St Leonard’s Hospital, Hackney in an incident that occurred on 14 November.

However, fears the CD could contain enough information to enable ID theft, or place children at risk, have been allayed thanks to BT and the NHS trust concerned – City and Hackney PCT – following NHS data protection procedures.

In line with Connecting for Health rules, the disk was protected using 256k encryption and sent by secure courier by BT to St Leonard’s Hospital IT dept. It was signed for by hospital staff but never reached the person in the IT department it was destined for.

BT, the local service provider for NHS IT in London, told E-Health Insider that because the disk failed to reach its destination, the pass phrase key needed to de-crypt the disk was not issued.

A BT spokesperson said that the disk had not been located. “In this instance the encryption pass phrase would only have been released after one of two named individuals confirmed receipt. This was not confirmed so the encryption pass phrase has not been issued.”

The spokesperson said that BT has “cleansed the data” and was returning it to the PCT.

Asked why the data was sent on disk, rather than the secure NHS N3 data network provided by BT, the spokesperson said the trust had requested it be sent by disk. “The transport mechanism depends on what is the most convenient for the trust.”

Speaking to the Evening Standard Ruth Carnall, chief executive of NHS London, said: "We take any breach of security very seriously”.

She said that with the strong encryption and password protection the risk of unauthorised persons viewing the data “is negligible”.

Carnall added: “I have asked for an independent review of all NHS data transfer in London and procedures are in place to stop this from happening again."

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

GP blood testing restored three months after Synnovis cyber attack

GP blood testing restored three months after Synnovis cyber attack

GP blood testing services across south east London have been restored following the cyber attack on Synnovis, NHS London has confirmed.
Health tech can help reframe ageing as an opportunity not a problem

Health tech can help reframe ageing as an opportunity not a problem

Edinburgh's new Global Research Institute in Health and Care Technologies is working on solutions that will enable more people to age well, writes Professor Alan…
WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.