Survey exposes unsafe security practice

  • 7 March 2005

Measures taken by doctors to safeguard confidentiality, especially electronic records, are severely deficient and fuel the concerns of those trusted to police data security, say the authors of a letter to the British Medical Journal.


The signatories to the letter draw their conclusions from a survey of 32 surgical trainees invited to complete a questionnaire about their Data Protection Act registration and electronic data confidentiality practices.


They report: “Of 29 responders, 26 trainees regularly computerised and stored patients’ data. One person was registered with the Data Protection Act. Only three of 14 desktops, eight of 19 laptops, and three of 14 handheld computers forced a password logon. Sixteen of 29 trainees used the same password for all machines, and 25 of 27 passwords were less than eight characters long.


“All desktops, 16 of 19 laptops, and five of 14 handhelds were routinely connected to the internet, and half of these had not had their online security settings adjusted. Of 29 trainees, 28 did not encrypt their sensitive data files. Ten trainees had sent patients’ data unencrypted over the internet, using a non-secure server.”


The signatories, Damian Mole, a research fellow in surgery at Queen University, Belfast, information technology manager, Colin Fox, and information technology and security manager, Giulio Napolitano, both from the Northern Ireland Cancer Registry, conclude that the confidentiality practices among the trainees are unsafe and speculate that their findings are unlikely to be confined to their group.


Medical IT security training has been started for the surgical trainees and the letter’s authors urge others to initiate similar programmes before a serious breach occurs.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

WHO launches collaborative network for data and digital health

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield NHS Foundation Trust has achieved a stage 6 validation from HIMSS for its use of data and approach to data science.
Belfast Health and Social Care Trust goes live with digital record system

Belfast Health and Social Care Trust goes live with digital record system

Belfast Health and Social Care Trust has announced that it has gone live with the encompass digital record system, replacing paper processes.