An NHS trust has suspended a senior hospital manager over the theft of a laptop containing the personal data of thousands of patients.
The laptop, including names, dates of birth and treatment plans, was taken from the manager’s car in the Borders region of Scotland on 18 June.
A spokesman for Colchester Hospital University NHS Foundation Trust, in Essex, said a police investigation had been launched into the theft of its data.
“The computer contained personal information on several thousand of our patients, amongst many other files of less sensitive data,” said a spokesman.
“The lists contained details including patients’ names, their date of birth, postcode, hospital number and the hospital procedure the patient was about to undertake.”
Peter Murphy, chief executive of the trust, has written to apologise to the affected patients.
“The trust offers all affected patients its sincere apologies for putting their confidential information at risk. The computer was password-protected and only authorised staff with the correct password could access the data. But as the data was not encrypted there is a very small chance that patient details can be accessed.”
He added: “We are holding an investigation into how this incident occurred and its consequences and have suspended the member of staff involved until the investigation concludes.”
A trust spokesman said he did not know why the laptop had been taken to Scotland or the exact location of the break-in.
He said the employee, who has not been named, is a “senior manager” of the hospital.
Copyright © PA Business 2008
Your comments (Terms and conditions apply):
“Yes, there should be much tighter guidelines. I’m considering suing the hospital for this because someone could use my data fraudulently!” – Marilyn Malibu, Essex, UK
“I believe it absolutely vital that data security – even at a “frontline” level – be managed by the hospital/health institution as a whole, unless, of course, we want to overburden the medical professional with information technology commitments. Perhaps they should establish an information technology PhD, to introduce the hippocratic oath to this field? – Sergio Petiziol, Latisana, Italy