NHS trusts lose confidential data

By Brian Meechan
BBC Wales political reporter

A report on child patients' information was found in a puddle in Wrexham

More than 150 incidents of data being lost at NHS trusts across Wales have put patient and staff details at risk.

Among the examples over a three year period, patient details from an entire children's ward in Wrexham were found on a piece of paper in a puddle.

In another revealed by BBC Wales after Freedom of Information (FOI) requests, a highly confidential child protection file was sent to the wrong address.

Health Minister Edwina Hart said she was "quite horrified" by the findings.

She said staff losing such data should be disciplined.

The cases were revealed in responses to BBC Wales to FOI requests to the trusts, which provide services through hospitals, health centres and clinics.

The North East NHS Trust reported the highest number of patients' files lost or stolen - more than 50 - but this could be explained by better reporting or a more open approach to FOI.

Its other cases included a senior nurse finding a sheet of paper lying in a puddle that had "confidential and sensitive information", including the names and diagnosis of every patient in the children's ward at Wrexham Maelor Hospital in March 2006.

I was quite horrified at some of the information you showed me concerning patients and particularly children Edwina Hart, Health Minister

The trust also reported five break-ins in one year at two premises in which computer equipment was stolen each time.

Other trusts had several examples of computer thefts and confidential patient's information being breached.

Cardiff and Vale had six computers - mainly laptops - stolen between December 2005 and November 2007.

It said the computers were password protected but it was considering using encryption software for extra security.

Conwy and Denighshire also had a laptop stolen but it contained no personal data and was encrypted.

Cwm Taf was set-up in April this year, replacing Pontypridd & Rhondda.

It reported 10 incidents including patient's details being put into the wrong files or posted to the wrong address.

Confidential personal information also went missing by mail, fax and courier from Velindre NHS Trust.

This included envelopes with test results being found in the street by a passer-by and a mail bag being stolen by "a member of the public wandering within the confines of the Velindre Cancer Centre".

North West Wales NHS Trust reported 10 incidents of patient information being seen by others due to "clerical errors".

Security at Abertawe Bro Morgannwg was breached four times, including a lost ward admission book.

Carmarthenhire NHS Trust had 24 security breaches - mainly thefts of staff wallets and purses - though three laptops were also stolen.

It has now merged with Pembrokeshire and Derwen NHS Trust , which had eight incidents including patients case notes being lost and relatives being given confidential files which they read without permission.

CASES REPORTED North East Wales NHS Trust - 53 incidents Carmarthenshire NHS Trust - 24 incidents Cwm Taf Trust - 10 incidents North West Wales NHS Trust - 10 incidents Pembrokeshire & Derwen NHS Trust - eight incidents Cardiff & Vale NHS Trust - six incidents Source: Freedom of Information response to BBC Wales from trusts

Ms Hart said she was shocked by some of the incidents.

"To be frank I was quite horrified at some of the information you showed me concerning patients and particularly children," she said.

"I regard this as absolute tardiness and of course (these are) disciplinary matters for the trusts with regard to their staff.

"We cannot have confidential information on patients going out in this way

"I appreciate a lot of information flows within the NHS - out of hospitals, into hospitals - but we must try and protect patient records.

"It's the duty of everyone to ensure that they go to the right address and that record aren't left lying around," she added.

Ms Hart said she would ask the head of the Welsh NHS Ann Lloyd, to "make sure the chief executives in the service know my views on this and I expect them to take these matters seriously".

She said she would also be speaking to the trust chairs and others in the NHS when she meets them in the Autumn.

The trusts said they encouraged staff to report all incidents to them and involve the police when necessary.

BBC Wales is challenging the decision of Gwent NHS Trust , the only one to refuse to release the information.

It said it would be too expensive to gather the details.

The remaining trusts reported no incidents.

The information covered April 2005 to March 2008.

Conservative health spokesman Jonathan Morgan AM said the news would "alarm" staff and patients and called for an independent review of the methods used to store NHS data in Wales.

"Existing security measures are clearly not working and ministers need to explain why as a matter of urgency," he said.

"The assembly government must also re-examine its work in developing an electronic patient records system in the NHS to ensure data security is not compromised."