Thousands of patients’ data found by member of the public

East Sussex NHS Trust has written a letter of apology to more than 3,000 people, after a memory stick containing their personal information was found by a member of the public outside a trust building.

The information was not password protected.

Please remember we all have a responsibility to keep patient information safe and protected at all times, from collection to disposal. Here are some information security tips, depending on where you work in the organisation:

In the office/on the road

• Don’t discuss sensitive information in public places
• Where possible, ask patients to confirm personal information
• Keep portable equipment secure
• Always use safe haven faxes (see the Trust’s Safe Haven Procedure for more information)
• Lock offices when unattended
• Do not disclose sensitive information to a telephone caller without first verifying their identity.

At the computer

• Choose good system passwords and change them periodically
• Never share user IDs or passwords
• Keep Smartcards safe
• Log off or lock PCs and laptops (by pressing Ctrl-Alt-Delete) when left unattended

Paper documents

• Keep paper records out of sight and securely stored when not in use
• Verify postal addresses and mark envelopes ‘private and confidential’
• Take care when printing confidential information, especially if the printer is not located close by
• Collect printed documents immediately
• Do not leave confidential documents in the photocopier!
• Ensure paper-based personal information is disposed of in the blue confidential waste bins

Electronic documents

• Only transfer data to removable media if authorised
• Only use Trust issued laptops and USB sticks (with integral encryption)
• Use secure NHS.net email when sending personal information
• Computer media requires special destruction (contact the ICT Service Desk for advice)

 For more information, please visit the information governance pages on East24.

Published 19th July 2015