Royal Free patient info is handed to New Journal

Published: August 4, 2011
EXCLUSIVE by TOM FOOT

ROYAL Free officials were urgently dispatched to the New Journal last night (Wednesday) after a lost memory stick believed to contain confidential patient data was handed in to our offices.

An investigation has been launched into concerns of a major security breach at the Hampstead hospital following the arrival of the small device in a brown paper envelope yesterday.

The plug-in stick – which is used for swift transfer of digital files between computers – was reportedly found on the ground near St Stephen’s Church in Pond Street.

The New Journal was told that it contained highly confidential information, raising fears that details could have been used for sinister purposes if it had been obtained by criminals.

A caller, who said they had sent the mem­ory stick to the newspaper, said: “I couldn’t believe what it was when I opened it up. It was full of people’s medical records and ­procedures, operation dates, with names and telephone numbers. What if it had got into the wrong hands?”

The source said the USB (universal serial bus) was not password-protected which, if found to be true during the internal investigation, would be a clear breach of NHS policy and important data protection rules. The hospital demanded its immediate return with threats of potential legal action if data protection ­legislation was broken by viewing the files.

The Royal Free NHS Trust later praised the New Journal for raising the alarm and handing the memory stick back without looking at the files. It was returned by black cab and was safely in the hospital’s vault last night.

A spokeswoman said they were taking the ­matter “very seriously” and that the Trust’s ­information governance officer would launch an internal investigation in the morning.

It was important to trace the files back to the correct department and to establish whether it belonged to a GP and why it was taken outside the hospital, the spokeswoman added.

In 2008, the Royal Free began replacing all of its paper patient records with a digital system.

In a statement on its website, the Royal Free said: “We take great care to look after your records properly and anyone who has access to them is obliged to respect their confidentiality. Information held on computers must be registered under the Data Protection Act.”