NHS Lothian implements USB stick lock-down

News

  • 9 September 2008
Lyn Whitfield
December 1, 2016

NHS Lothian is taking further action to prevent staff losing data on USB sticks, after a community health worker lost the personal details of 137 patients on a memory stick at the end of June.

Since the loss of the memory stick, which held letters to central Edinburgh GPs, the trust has run a USB stick amnesty and a data security information campaign that has included putting leaflets about its data security policies into staff payslips.

It has also bought a “technological” solution that will give the trust far more control over which staff can carry data on memory sticks and what data they can carry.

Martin Egan, director of e-health, said: “The leaflets we are sending out set out once and for all our policies and processes. We are putting them in pay slips to make sure they reach all staff.

“We have put the message out before, but internal surveys suggest that some staff are ignoring it – so we felt we needed a technical solution as well. That is why we are implementing the USB lock down.

“It will mean that no USB stick can be written to unless it is a bona-fide, NHS Lothian USB stick, and the information is encrypted.” People will be able to read from USB sticks if they need to do this for presentations and projects.

NHS Lothian has bought Lumension Security’s Sanctuary Device Control for the lock-down. Mr Egan said a key factor was that this enables encryption without the user needing administrator rights on their PC. “We do not give those out more than we have to, because that is a security risk in itself,” he said.

The new controls will be linked to the trust’s Active Directory, so it can deploy them on a named individual basis. Mr Egan said it was still collecting old USB sticks and issuing new ones.

“We have purchased 4,000 new USB sticks, which we think will be enough,” he said. “But one of the principles of the new policy is that these will be issued carefully.

“If you are going to hold patient identifiable information on a data stick, you will need explicit permission from the Caldicott Guardian to do it. If you are going to carry day to day corporate data, you will need to have signed all the relevant policies.”

Mr Egan told E-Health Insider he felt the new solution would put the trust back in control of its data. “I feel that using this tool puts me in control,” he said. “Before, we just had to hope that our staff would be doing the right thing and following our policies. Now, we know whether they are doing that.”

NHS Lothian has also bought an encryption solution for its laptops and is “on course” to have them all encrypted by the government deadline of March next year.

 

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Voice Recognition 2008

Next News

German diabetes risk management study begins

Related News

Concerns raised that NHS digital plans could exclude older adults
News November 5, 2024

Concerns raised that NHS digital plans could exclude older adults

Concerns have been raised that government NHS plans, including having a single patient record through the NHS App, will exclude older people.
Digital Health Unplugged: The challenges of clinical coordination in the UK health system
Podcast October 23, 2024

Digital Health Unplugged: The challenges of clinical coordination in the UK health system

Jordan Sollof is joined by DJ Hamblin-Brown and Simon Weldon to discuss the challenges of clinical coordination in the UK health system.
Government funds research into VR and AI to tackle drug deaths
News October 18, 2024

Government funds research into VR and AI to tackle drug deaths

The government has awarded £12m to UK projects that are researching wearable tech, VR and AI to reduce drug deaths and improve outcomes.