How would you feel becoming an instant meme? You may have gone into hospital expecting to be cured of that nasty virus. You certainly wouldn’t expect the NHS to make you go viral. Unfortunately, the risk of this happening was highlighted in Big Brother Watch’s latest report on NHS Data Protection Breaches.
The NHS does an excellent job delivering health care every day. However, it only takes a few bad apples to make the whole institution lose the faith of countless patients expecting a basic level of confidentiality. In light of recent research released today by Big Brother Watch, I’m starting to wonder about the culture of data protection in our health service. After all, what kind of government run institution allows employees who lose USB sticks or post personal information to the wrong person?
I’m lucky enough never to have suffered from a serious illness. But I have been in and out of hospital for various ailments over the years and I am deeply uncomfortable with the thought of strangers finding the patient records of my medical care. I suppose some of those visits might be seen as fairly harmless and even amusing. But what if my employer found out? Or what if someone posted the contents of my records online for a cheap laugh?
That may sound a little paranoid. However, one of the most startling findings of the research report produced here at BBW was the revelation that over the past three years, there were 23 cases of NHS staff posting confidential patient data on social networking sites. In one case, a photo of a patient was released onto Facebook.
It is easy to understand how a culture of insensitivity to privacy might come about. It’s even easier to see how it might be acceptable to invade a friend’s privacy for a laugh. But these people are not friends. They are patients. And the jokesters aren’t good natured mates, they’re medical professionals and hospital staff. It is simply too hard to understand is why NHS managers continue to tolerate this culture and justify these actions.
Given the Information Commissioners’ repeated calls – and now the recommendation of the Justice Select Committee – for custodial sentences to be a possibility for those that violate the Data Protection Act, it’s clear that the current regime of protecting our personal information simply isn’t up to the job. Change is needed, and soon.