NHS bosses apologised last night after a computer memory stick containing confidential records of 200 mental health patients was found in a North-East street.
The information includes entire medical histories, as well as national insurance numbers and addresses.
A hospital computer technician working on a systems upgrade lost the device and it was found by a member of the public in Barnard Castle.
Tees, Esk and Wear Valleys NHS Foundation Trust said last night it had begun an investigation to find out how the data breach happened.
One of the patients affected, who did not want to be named, said last night she felt “scared and upset” when she found out.
“I don’t want anybody to know my details – this is really shocking,” she said.
“Somebody rang me at the weekend to tell me that all my records had been found stored in a memory stick lying in the street.
“I have no idea how this could happen. Who knows who could have read it.”
The 42-year-old, who lives near Bishop Auckland, has received treatment for osteoporosis and mental health issues, including an eating disorder.
She added: “This was my full medical history – from the moment I was born up to date.
It has got me very upset.”
Last month, The Northern Echo revealed that scores of patients’ records had been lost by the region’s NHS hospital trusts over the past three years. The information included a bundle of medical records a consultant left in his car overnight. The files were lost when the vehicle was stolen from his driveway.
Tees, Esk and Wear Valleys trust offers mental health support to patients in County Durham, Darlington, Teesside and North Yorkshire.
The data was lost by an IT technician who was working on a temporary contract and has since left the trust.
Although the device was handed in to the trust on Friday, it is not known when the device was lost.
It has also emerged that staff at the trust have been storing patients’ private details on their PC hard drives, in breach of the organisation’s information security policy.
Martin Barkley, the chief executive at the trust, said: “Safeguarding patients’ confidential information is of the utmost importance to the trust, and we have clear policies and procedures in place to support this.
“There has been a serious breach of these policies and of patient confidentiality. We are very sorry this has happened, but grateful that it has been brought to our attention.
“We have already written to all staff to remind them of their responsibility to safeguard patient information and to follow trust procedure.
“We now need to complete the investigation so we can learn from this isolated incident and put measures in place to prevent it from happening again.”
Michael Summers, vicechairman of the Patients’ Association, said: “There is an old-fashioned idea that when you go to see your doctor, the entire thing will remain confidential.
That’s going by the wayside now.
“This kind of thing goes on all over the country now – it is such a scandal.
“Patients no longer have any faith in the Government.
Hardly a week goes by without more records being lost.
“If the trust can’t control staff or keep to its own policy, what does it say about the management? Management is to blame if patient records are repeatedly being lost.”
A Department of Health spokesman said: “The NHS locally has a legal responsibility to comply with data protection rules. They are expected to take data loss extremely seriously, be open about incidents and about the action taken as a result.
“This month, NHS chief executive David Nicholson has written to all senior health managers reminding them of their responsibilities following the level of public concern in the wake of data losses.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here