Welcome Guest | Login | Register | Why Register? |
Newsletter RSS Twitter
09 February 2010 | 17:03 GMT

E- Health Primary Care E-Health Europe E-Health Jobs (UK only) E-Health Insider Events
HOME | NEWS | DOCUMENT LIBRARY | FEATURES | OPINION & ANALYSIS | EVENTS | RESEARCH REPORTS | CASE STUDIES | PODCASTS | VIDEO DIARIES

Poor security in NHS portable data storage, says survey

Tags: Confidentiality   Information   iS   mobile   Security  

28 Jun 2006

A survey into the use of portable storage devices by NHS professionals and suppliers has revealed that half of those interviewed use their own devices to store data and 20% of the devices used are left unencrypted with no password protection.

A total of 40% of clinicians and IT managers said that they used passwords with no second method of encryption. The most popular mobile data storage device was a USB stick (76%), with 51% using PDAs and only 2% storing data on phones.

Out of those who used mobile devices to store patient records, variable security was reported, with the majority using a single password and a small number with no security at all. 57% said they were worried that patient confidentiality would be breached if their devices fell into the wrong hands.

One response from a clinician who carried patient records was: "My patients couldn't afford to pay for blackmail, and they probably wouldn't care if others knew."

Martin Allen, managing director of Pointsec Mobile Technologies, which carried out the survey with the British Journal of Healthcare Computing and Information Management, said: "There is much documented evidence of patients who are worried about the safe-keeping of electronic medical records, but this survey shows the medical sector themselves are worried about medical information being held on mobile devices which are not secured by their NHS trust."

The technology firm argues that holding data on personal devices is a failure of security policy, and pointed out that while 80% of those surveyed said their organisations had security policies in place, the survey's responses clearly show that the policy was not always followed.

"It will only be a matter of time before these weaknesses are exploited as it is very easy to steal or pick up a mobile device and access the information," added Allen.

A quarter of those surveyed had lost a mobile device in transit. Half had found them again, but anecdotal evidence had claimed that disciplinary action had occurred in a couple of cases.

"Our advice is that any NHS trust or organisation downloading sensitive or patient records should automatically encrypt the information," said Allen.

© 2006 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Readers Comments
Add a comment
Readers Comments

1

Mobile Devices

georgebrown@bulldoghome.com

28 Jun 06 01:10

I'd be interested to know just how many of those mobile devices were WiFi enabled and not WiFi secure?? !!!

2

Wifi USB sticks - why ?

28 Jun 06 10:00

Most USB sticks and PDAs will not be set up for wireless !!

Laptops are a problem though.

On hospital campus, most IT departments will certainly secure the 'authorised' wi-fi. The issue is that it is so easy for an enthusiastic clinician to go out and buy their own kit, or enable their laptop for wireless at home, without considering the security implications.

There is a balance to strike, scare stories are created to sell product, but we do need portable solutions for our highly mobile workforce, and keeping the data remotely via an 'always connected' link is not always possible given the locations healthcare is delivered.

We need innovation and developments. Don't see much coming from LSP solutions in that regard.

3

patients don't care?

29 Jun 06 11:03

"My patients couldn't afford to pay for blackmail, and they probably wouldn't care if others knew." Is that what he/she tells his patients? Believe it or not, most patients do care woh knows their medical information. To think, it's people like him/her that will be responsible for making sure their patients medical data on the spine will be secure. Anyone else feel uneasy with that?

4

A way forward

stewart.smith@cd-tr.wales.nhs.uk

30 Jun 06 09:13

I do get fed up with commenters sniping at people who publish your articles. How about a constructive way forwards? In my Trust we encrypt all laptops as a matter of course and, recognising that we do have a lot of mobile staff (and therefore, mobile data) are working on a policy to protect patient information (and other Trust data) on CDs, USB devices etc. Don't hesitate to contact me if you would like more details.

5

Thanks Stewart

jon@e-health-media.com

30 Jun 06 09:43

Stewart

Thanks for the comment above, I do know what you mean, do let us know whether you get many enquiries on how you are handling this issue at your trust.

Best regards

Jon Hoeksma Editor, E-Health Insider

6

Outrageous

30 Jun 06 11:27

"My patients couldn't afford to pay for blackmail, and they probably wouldn't care if others knew."

Yes, & the NHS is no place for clinicans like this - who have not the slightest grasp about their parents & their dignity.

7

security

30 Jun 06 11:54

I have no doubt that there are a lot of trust, practicies and medics that do take their responsibilty to making sure data is secure very serious. I also think that those that do, should be congratulated for it.

I think the point that was trying to be made is that there is also a lot that do not.

8

Portable Data Storage Devices

03 Jul 06 10:07

Why would clinicians use there own devices if there employer supplied them with devices that are password protected and encrypted?

Is this because your employer does not supply a suitable device?

Search
News Features Jobs Newsletters

Past: 24 hrs|7 days|Month

Most commented
Most commented
Tags
Tags
Top jobs
More
Top jobs

Featured_recruiters
Featured_recruiters
Contact | About Us | Advertise | Privacy Policy | Terms & Conditions | RSS Feed
E-Health Insider is managed and maintained by E-Health-Media.com ©2010 E-Health-Media Limited.