The medic waited 2 weeks before informing his superiors about the theft. The doctor took unencrypted patient information – including names, dates of birth, the treatments – on 1,147 patients and loaded it onto his laptop, which was stolen in November.
Now, Phil Morley, chief executive at Hull and East Yorkshire Hospitals NHS Trust, which runs Hull Royal Infirmary and Castle Hill Hospital in Cottingham, has written to the 1,147 patients affected to apologise.
In the letter, he said: “I am writing this letter to inform you of the incident and also to apologise unreservedly for the loss of your confidential data.
“The doctor acted outside trust and NHS regulations in taking unencrypted patient data away from the trust and installing it on his personal computer.
“I can advise that the trust treats these matters very seriously and the doctor concerned is being managed in accordance with the trust’s policies and procedures.”
The breach is the third incident of personal data exposure to affect Hull residents in less than a year, following an earlier event involving the theft of sensitive data from A4e.
The trust said the doctor informed police the laptop had been stolen following the theft in November but did not notify the trust until two weeks after the incident.
Cathie Holmes, 37, of Beverley, said she was furious when her 12-year-old daughter, Mary, received one of the letters.
Mrs Holmes said: “You can’t send a letter of that magnitude to a child and expect them to understand it.
Sources:-
http://www.theregister.co.uk/2011/01/19/hull_hospital_data_breach_flap/
http://www.thisishullandeastriding.co.uk/news/Undefined-Headline/article-3111119-detail/article.html