The probe was launched after the trust discovered the disk, which contained unencrypted scanned images of patient report forms, was missing in August.
The external investigation found that: the computer system the information was stored on was obsolete and not fit for purpose; the security systems EMAS had in place were not sufficiently adequate to prevent a data loss incident and staff shortages in the Information Management and Technology department resulted in a higher number of temporary staff being used than would normally be expected.
It added that the absence of controls and assurances supporting the management and operation of an IT system that holds a large volume of patient information was a contributory factor to the data loss. EMAS chief executive Sue Noyes said: “We made a proactive announcement on the loss of a data cartridge in August, when it could not be located in the secure safe where it should have been stored.
'World’s best sweet shop’ contents up for auction as Peak District owner sells everything to start new adventure
Buxton B&B set to become children's home if High Peak council approves plans
Buxton man looking to find new home for WW1 and WW2 medals
Air ambulance scrambled to crash on Derbyshire’s Snake Pass – amid fears of serious injuries to casualty
Fire service renews safety warning as new heatwave looms in Derbyshire
“We expressed our apologies to our patients at that time, and would like to reiterate those apologies now.”
Since the incident, EMAS said it had take a number of steps to improve security including installing CCTV to monitor the safe where data is stored, recruiting a dedicated member to the IT team whose role is to manage information security and reducing their reliance on agency staff by appointing full-time members to the IT team.
The trust said that although police concluded there was no evidence to suggest a crime had been committed, it was still not known how the cartridge was actually lost. The Information Commissioner is still investigating.
Will Legge, EMAS Director of Information and Performance, said: “We fully accept the responsibility to improve security of information management at EMAS, and we are confident the actions we have taken and committed to in our strategy will deliver the long-term improvements required to help us achieve our Better Patient Care improvement plan.”