Records of 38,000 Isle of Wight patients lost

Tags: GP GPs Helpline Information Governance INPS PCT

23 May 2008

An encrypted back-up tape containing the medical records of over 38,000 patients from the Isle of Wight PCT has gone missing in the post.

The tape contains medical records of 38,650 current and past patients of the Sandown Health Centre from July 1996 onward, and went missing somewhere between GP systems provider INPS and the surgery.

INPS had checked the tape to ensure it could be used effectively to restore information to the practice computer system in the event of a system failure or other emergency, however, the tape was not delivered by courier firm City Link.

Sent on 11 March, it took two months before the tape’s disappearance was discovered by INPS and the PCT.

In a statement, the PCT confirmed the tape was missing, and added: “The Isle of Wight NHS Primary Care Trust and the Sandown Health Centre are taking action to reassure patients after a computer tape containing their personal details went missing. The tape includes all current patients and large numbers of patients who registered on a temporary basis whilst visiting or working on the Island and patients who have since transferred to practices elsewhere.

“The risk of the tape being misused is extremely small. The tape requires specialist computer equipment to run it and the data is password protected. In addition, highly advanced computer skills and/or access to a specialist programme only normally used by GPs and the data verification company are needed to make any sense of the information on the tape.”

The incident comes five months after NHS chief executive David Nicholson wrote to all NHS trust chief executives telling them to review and tighten their information governance and data transfer arrangements.

The tape was meant to be tracked at every stage by City Link to ensure it reached its destination - the courier firm admitted this had not happened and it is now investigating the loss.

A spokesperson said: “We are naturally very concerned by the loss of our customer’s consignment and a rigorous search for the parcel continues. We are doing everything in our power to resolve the matter and return the package as quickly as possible.”

The PCT is now working to inform patients of the disappearance and has set up a telephone helpline to help assure them that their records are safe.

The interim chief executive of the PCT, Margaret Pratt, said: “Although there is very little chance of anyone being able to do anything untoward with this tape, should they find it, it is potentially a very serious loss of confidential information.

She added: “I should stress that neither the Health Centre nor the NHS more widely on the Island are in any way responsible for this tape going missing. However, we will, of course, be reviewing the procedures used for data verification by practices to see if there are lessons to learn.”

GPs at the Sandown Health Centre also stressed that patient care would not be compromised by the loss of the tape.

Dr Peter Randall, Senior Partner at the Sandown Health Centre, added: “We have another copy of the back-up tape and our main computer records system is not affected by this. So we still have access to all the information we need and patient care is not compromised in any way.

“My own view is also that the risk of any harm resulting is minimal. My own family are registered as patients at this practice which means their details are amongst those on the tape. I have no worries about the information falling into the wrong hands and being used improperly.”

INPS had not commented on this story at the time of publishing.

Joe Fernandez

Reader's Comments

Are courier services reliable, and was it encrypted?

maryhawking@tigers.demon.co.uk

25 May 08 20:05

This seems to have been a problem with the courier service: is this a common problem? i.e. can you trust secure courier services in general? In addition, the article says that the disc was encrypted, but the PCT says it was password protected: which was it? Encrypted sounds more secure than password protected. Should there be a mandated system when discs containing confidential information are being sent of informing the recipient that they have been sent, and a requirement that the recipient should acknowledge safe receipt? After all, in this case it took two months for the PCT and INPS to discover the loss: no information on how long it took the couriers.

Mixed

Neil.Bhatia@nhs.net

27 May 08 09:05

I'm guessing a mixture of encrypted and password protected.

For EMIS practices, the main patient record file is fully encrypted, but the hundreds of thousands of scanned hospital letters/correspondence and GP-written referral letters - i.e. all the attachments - are not encrypted.

Until EMIS come up with a reliable encryption service we are not sending any backup tapes for verification/DVD burning.

Why the delay? It's been months since the HMRC scandal. (http://tinyurl.com/5g2lgs)

Centrally held vs lost records!

28 May 08 09:05

Did anyone else notice the juxtaposition of an article about lost GP records and an article calling for a halt to centrally held records? Of course if we had centrally held records we wouldn't need to be sending discs by couriers would we?

Archaic methods

28 May 08 10:05

Back-up tapes, courier companies, disks etc.etc..... We need to move on, this situation is a great example of the benefits of why we need to move to centrally hosted records. SystmOne users like myself have none of the above worries. All records are held in a safe, secure data centre which is mirrored, enusuring patients details are protected and always available to the appropriate clinician.

Simple

Neil.Bhatia@nhs.net

28 May 08 10:05

All you need is for the entire backup to be encrypted, and to be sent by a reliable secure courier, preferably tracked. It is simple.