The NHS is a service we all use and all rely on. We take it as a given that when we visit the doctor, the hospital or other health sector organisations, the sensitive information they hold about us is treated with care and confidentiality.
The NHS holds millions of sensitive personal records, covering almost every individual in the country. As with any organisation that stores personal data, the NHS must comply with the Data Protection Act (DPA).
Last week, however, the Information Commissioner stated that the health service must do more to keep patients’ personal information safe. His comments come after another five health organisations were found to be in breach of the DPA.
In a damning statement, the Commissioner said:
“Millions of records are constantly being accessed and we appreciate that there will be occasions where human error occurs. But recent incidents such as the loss of laptops at NHS North Central London – which we are currently investigating – suggest that the security of data remains a systemic problem.
“The policies and procedures may already be in place but the fact is that they are not being followed on the ground. Health workers wouldn’t dream of discussing patient information openly with friends and yet they continue to put information on unencrypted memory sticks or fax it to the wrong number. The sector needs to bring about a culture change so that staff give more consideration to how they store and disclose data. Complying with the law needn’t be a day-to-day burden if effective measures are built in and then become second nature.”
IT Governance has the cure.
Data Protection Starts With You
When we think of data protection, our minds spring to cyber attacks, hacking and vulnerabilities within IT systems. We must remember, though, that the crucial component of data protection is actually the individual. Individuals are the ones who use, manage and transfer data, so data protection should always begin with them.
It’s Easy, With E-Learning
IT Governance has drawn on its years of Data Protection Act awareness training to produce the world’s most useful and complete online e-learning Data Protection Awareness Course.
This course is for all employees in your organisation who are involved in processing personal information in their daily job. Train your staff today and avoid any “low-level” slips in your organisation’s IT security.
It doesn’t matter whether you are a bank, a retailer, a service provider or the NHS. If you store personal data, you need to ensure your organisation is DPA compliant and your staff are DPA aware. Failure to do so can incur huge fines, brand damage and loss of business.