Flawed system contributed to East Midlands Ambulance Service patient data loss

Flaws in the way patient data is stored by East Midlands Ambulance Service (EMAS) have been highlighted during an independent investigation into the loss of a cartridge containing the personal details of 42,000 patients.

By Louise Bellicoso
Thursday, 30th October 2014, 12:56 pm

The probe was launched after the trust discovered the disk, which contained unencrypted scanned images of patient report forms, was missing in August.

The external investigation found that: the computer system the information was stored on was obsolete and not fit for purpose; the security systems EMAS had in place were not sufficiently adequate to prevent a data loss incident and staff shortages in the Information Management and Technology department resulted in a higher number of temporary staff being used than would normally be expected.

It added that the absence of controls and assurances supporting the management and operation of an IT system that holds a large volume of patient information was a contributory factor to the data loss. 
EMAS chief executive Sue Noyes said: “We made a proactive announcement on the loss of a data cartridge in August, when it could not be located in the secure safe where it should have been stored.

“We expressed our apologies to our patients at that time, and would like to reiterate those apologies now.”

Since the incident, EMAS said it had take a number of steps to improve security including installing CCTV to monitor the safe where data is stored, recruiting a dedicated member to the IT team whose role is to manage information security and reducing their reliance on agency staff by appointing full-time members to the IT team.

The trust said that although police concluded there was no evidence to suggest a crime had been committed, it was still not known how the cartridge was actually lost. The Information Commissioner is still investigating.

Will Legge, EMAS Director of Information and Performance, said: “We fully accept the responsibility to improve security of information management at EMAS, and we are confident the actions we have taken and committed to in our strategy will deliver the long-term improvements required to help us achieve our Better Patient Care improvement plan.”