'Up to 3,000' patient records on laptop stolen from GP surgery

19 Dec 07

The news comes just weeks after GPs were warned they could face a £5,000 fine if their laptops containing confidential patient records are stolen.

Cardiff and Vale NHS Trust wrote to 950 patients after the laptop was stolen from St Julian’s GP surgery in Newport on 5 November.

But Hugh Ross, chief executive of Cardiff and Vale NHS Trust, subsequently told the BBC that information on up to 3,000 patients could be on the laptop.

The laptop, which belonged to the Diabetic Retinopathy Screening Service, contained patient contact details, dates of birth, NHS numbers and images of patients’ retinas.

Mr Ross told patients: ‘All Trust computers are password protected to an approved NHS standard to ensure that only NHS staff can access the system. In addition, there are a further two levels of security on this laptop before patient information can be accessed.

But healthcare IT experts warned that patients’ details could be at risk.

Paul Malcolm, general manager of identity and access management company Sentillion, said: ‘Whilst the stolen laptop was reportedly protected with three levels of authentication and security, having patient data on the machine at all creates a risk.’

‘Patient data stored on any mobile device is in jeopardy regardless of how well the data is secured. Instead organisations providing mobile access to very sensitive data should look for other technological solutions. For example, using desktop virtualisation systems would go a long way towards mitigating this kind of problem, as a virtual desktop image would allow the administrator to prevent a stolen laptop being used to access the host system.’

Last month Information Commissioner Richard Thomas told MPs that GPs who had laptops with patient data on stolen from their cars should be fined up to £5,000.

‘If a doctor or hospital [employee] leaves a laptop containing patients’ records in his car and it is stolen, it is hard to see that is anything but gross negligence.’