UK COMPUTERS STOLEN - Personal data stolen with Powys LHB laptop:

Personal data stolen with Powys LHB laptop

Published date: 04 September 2009 | Published by: Richard Jones

A COMPUTER containing personal information about patients who have visited Powys teaching Local Health Board’s (tLHB) orthotics department has been stolen.

Remarkably this incident happened in February 2008 but the third party in charge of the laptop only informed Powys tLHB about the theft in June 2009.

Trulife, Powys tLHB’s orthotics provider, informed police at the time of the theft but failed to flag up the theft to the health board for a further 18 months, meaning they have only now been able to identify the number of patients affected and the level of details containing on the laptop.

Orthotics are shoe inserts that are intended to correct an abnormal, or irregular biomechanics (walking pattern).

They perform functions that make standing, walking, and running more comfortable and efficient, by altering slightly the angles at which the foot strikes a walking or running surface.

In a letter to patients who have attended the orthotics department, Judith Paget, chief executive of Powys tLHB, said: “I’m contacting you now to let you know that a laptop computer, which contains some of your details, has unfortunately been stolen.

“We recently heard from our orthotic provider, Trulife, that one of their laptops had been stolen from a car.

“The laptop contained data on our orthotic patients. The laptop was password protected, but not encrypted. This means that it is possible that whoever stole the laptop would be able to access the information on it.

“The incident took place in February 2008. The police were informed at the time. However, it was only in June 2009 that Powys tLHB was told by Trulife that the laptop had been stolen and that it contained patient identifiable data.

“Since we were told about the theft and loss of data the tLHB has worked closely with the company to identify the number of patients affected, identify who they are and level of detail contained on the laptop.”

The data on the stolen laptop relates to patients who attended the Orthotics Department up to February 2008. It includes personal information such as names, date of birth, hospital reference number and detail of prescriptions.

Since being advised of the theft Powys tLHb say they have taken a number of steps to rectify things.

Among other things they have reviewed their processes for telephone contacts to ensure this data cannot be used alone to retrieve any information about patients by phone, they are actively working with Trulife to ensure that patient identifiable data contained on current laptops is encrypted and carried securely, they have made sure that incidents like this in the future are reported immediately, and they are also reviewing contractual agreements with all third parties.

Judith Paget added: “We take the security of patients and their data extremely seriously and we are therefore very sorry that this has happened.”
She also confirmed that medical case notes were not involved in this incident and they have copies of all this relevant information.