Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Medical and social security records being stored unlawfully and inappropriately accessed, statistics show

 

Cahal Milmo
Sunday 13 May 2012 14:20 EDT
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Medical and social security records kept by public bodies are being unlawfully or inappropriately accessed dozens of times a month and hundreds of civil servants disciplined for data offences, according to Government records.

Staff at the Department for Work and Pension (DWP) are being reprimanded at a rate of nearly five per day for breach of the rules governing its vast database - thought to be the largest of its kind in Europe - while the Department of Health (DoH) last year recorded 13 cases a month of unlawful access to medical records.

The statistics, obtained by Channel 4’s Dispatches under the Freedom of Information Act, will increase concern about the security of personal data and the ease with which private investigators are selling access to personal and confidential information, much of which is held on state computer systems and is illegal to obtain without suitable authorisation.

The DWP figures show that between April 2010 and last March a total of 513 staff members were disciplined for “unauthorised disclosure of official, sensitive, private and/or personal information... to anyone” from its database holding the records of 98 million people, which can be accessed by 200,000 people. For the 10 months from April 2011 to this January, the figure was 463.

When all types are data offence are taken into account, ranging from breaches of the Data Protection Act to inappropriate browsing of personal records of benefits claimants, some 1,172 civil servants were disciplined between April 2010 and last March, with a further 992 reprimanded between April 2011 and this January - equivalent to 4.57 cases per working day.

The DoH told Dispatches that it does not collect details of all cases of unlawful access of medical records but said it was aware of 158 incidents in 2011 - equivalent to 13 per month. In 2007, the figure was 28.

It is not known how many of data breaches involved the passing of information to an outside individual. The DWP said there had been 11 “serious cases” of personal data loss since 2007 which had been reported to the Information Commissioner’s Office.

A Dispatches programme to be broadcast tonight, Watching the Detectives, will report the results of a year-long investigation into private detectives who are accused of selling access to health, benefit and criminal records as well as mobile phone bill and bank accounts.

A spokeswoman for the DWP, which employs 100,000 people, said it had taken action in recent years to improve staff awareness of data protection. She said: “DWP makes millions of data transactions every week and while instances of misuse are low, we take security seriously which is why we have a process in place to detect them and take the necessary action. ”

In a statement, the DoH said: “The Department of Health provides clear guidelines on patient confidentiality and effective information security. Individual NHS organisations are responsible for ensuring that their staff know what is expected of them in regard to respecting the confidentiality of their patients.

“Medical records are private and any abuse of their confidentiality is deplorable. Individuals have a right to know that their personal information is protected. The NHS takes protecting individual privacy extremely seriously and if any member of staff is discovered intentionally breaching this, they will be subject to appropriate disciplinary action.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in