Friday, June 17, 2011

Blogscan: UK unencrypted laptop health breach affects more than 8.6 million records

From the blog "Australian Health Information Technology":

Who Needs Hackers When There Are Accidents Like This? The PCEHR [Personally Controlled Electronic Health Record - ed.] Won’t Avoid Hacker Attention I Suspect.

The following popped up a little while ago.

By Dom Nicastro

Think the United States has its problems with securing patient health information?

We’re not alone.

London Health Programmes, a medical research organization based at the NHS North Central London health authority, has reported missing an unencrypted laptop containing information of 8.63 million patients and 18 million hospital visits, operations and procedures, according to today’s issue of The Sun.

The data does not include names, “but patients could be identified from postcodes and details such as gender, age and ethnic origin,” according to the newspaper. Information on the laptop included records of cancer, HIV, mental illness and abortions.

The computer was one of 20 lost, and officials have since recovered eight. The research organization “only just” reported the missing laptops to police although they went missing three weeks ago, according to the newspaper.

The Information Commissioner’s Office, Great Britain’s independent authority that promotes data privacy for individuals, has issued a statement regarding the laptop theft:

“Any allegation that sensitive personal information has been compromised is concerning and we will now make inquiries to establish the full facts of this alleged data breach.”

More here with a gruesome list of UK breaches.

Clearly this sort of incident is made more significant when material like this is appearing regularly.

We've posted numerous times at Healthcare Renewal on the impossible dream of electronic medical record privacy, security and confidentiality. See blog query links here and here.

-- SS

1 comment:

Anonymous said...

Word is a large healthcare provider is about to sell the software of a large American vendor to the NPfIT based on their successes there.

Same is planned for Aus by these folks.

A "private" non-profit partner is the perfect fit for a huge for-profit software company that must divulge information to stockholders, health quality watchdogs, and the SEC.

Perfect way to keep things quiet and offload low-margin or loser business to the non-profit while keeping the high-profit business.

The executives of the non-profit are invested up to their ears in the stock of the for-profit partner.

You didn't hear it here.