Campaigners today claim patient confidentiality is being broken at least six times a day in the NHS with one health trust in the region said to have the worst record in the country.
Civil liberties and privacy campaign group Big Brother Watch said the South West Yorkshire Partnership NHS Foundation Trust, which provides community and mental health services in Calderdale, Kirklees, Wakefield and Barnsley, saw nearly 900 breaches in the last three years.
Incidents across the NHS include medical data being lost or stolen, inappropriately shared by email, letter or fax, and at least 50 cases where information has been published on social media.
But campaigners say the Data Protection Act does “very little” to discourage people from breaking the law and call for tougher sanctions. In one case, NHS Surrey was fined £200,000 in 2012 after a computer sold at auction was later found to have the details of 3,000 patients. They said this compared with a £300,000 fine for Sainsbury’s for misleading advertising about strawberries.
Their calls come as Ministers yesterday announced sweeping measures to improve care which will allow health staff to access more details of patients’ medical histories including visits to hospitals, GPs and mental health services.
Emma Carr, director of Big Brother Watch, said: “The information held in medical records is of huge personal significance and for details to be wrongly disclosed, maliciously accessed or lost is completely unacceptable.
“With an increasing number of people having access to patients’ information, the threat of data breaches will only get worse.
“Urgent action is therefore needed to ensure that medical records are kept safe and the worst data breaches are taken seriously.
“If the government wants to introduce new schemes which will make the public’s data more accessible, then this must go hand in hand with greater penalties for those who abuse that access.
“This should include the threat of jail time and a criminal record.”
The group said one staff member at the South West Yorkshire trust was disciplined for taking medical records home. Another was dismissed for photocopying records of a child.
Dawn Stephenson, director of corporate development at the trust, said: “The trust takes its information governance duties very seriously and all staff undertake annual mandatory training as a minimum. Most breaches are as a result of mistakes made by members of staff with no or very minor consequence. In such cases members of staff are supported through additional training and supervision. The trust has dealt with all cases appropriately including a small number where disciplinary action was taken.”