East Sussex NHS Trust has written a letter of apology to more than 3,000 people, after a memory stick containing their personal information was found by a member of the public outside a trust building.
The information was not password protected.
Please remember we all have a responsibility to keep patient information safe and protected at all times, from collection to disposal. Here are some information security tips, depending on where you work in the organisation:
In the office/on the road
- Don’t discuss sensitive information in public places
- Where possible, ask patients to confirm personal information
- Keep portable equipment secure
- Always use safe haven faxes (see the Trust’s Safe Haven Procedure for more information)
- Lock offices when unattended
- Do not disclose sensitive information to a telephone caller without first verifying their identity.
At the computer
- Choose good system passwords and change them periodically
- Never share user IDs or passwords
- Keep Smartcards safe
- Log off or lock PCs and laptops (by pressing Ctrl-Alt-Delete) when left unattended
Paper documents
- Keep paper records out of sight and securely stored when not in use
- Verify postal addresses and mark envelopes ‘private and confidential’
- Take care when printing confidential information, especially if the printer is not located close by
- Collect printed documents immediately
- Do not leave confidential documents in the photocopier!
- Ensure paper-based personal information is disposed of in the blue confidential waste bins
Electronic documents
- Only transfer data to removable media if authorised
- Only use Trust-issued laptops and USB sticks (with integral encryption)
- Use secure NHS.net email when sending personal information
- Computer media requires special destruction (contact the ICT Service Desk for advice)
For more information, please visit the information governance pages on East24.
Published 19th July 2015