While travelling on a train a jumior doctor has lost an unencrypted USB key containing sensitive data relating to patinets’ conditions and medication. It is believed that the doctor carried this information with him in order to be able to work from home.

The East & North Hertfordshire NSH Trust has been found to be in breach of the Data Protection Act bu the ICO whose inquiries revealed that the doctor was unaware of the data protection policies and had no access to email to receive policy reminders and updates. The doctor informed the NHS immediately after discovering that he had lost the device. Training is now to be provided to all staff who have access to personal information.

A statement from Mick Gorrill, the head of enforcement at the ICO, was quoted as saying: “Storing sensitive personal data on unencrypted data sticks is a risk Trusts should not be willing to take. If it is vital to store information for handover, this must be done with the highest security measures in place.

“Furthermore, it is vital that employees are fully aware of processes which could have prevented this incident from occurring. I am pleased that the Trust has agreed to take practical and effective steps to ensure such an incident does not occur again.”

Storing sensitive information on unencrypted devices is an absolutely ridiculous practice yet these cases seem to keep appearing. While the doctor was unaware of the policy regarding the transportation of information there should have been technical measures in place to prevent this from happening in the first place.