THERE were 238 data breaches recorded at the Countess of Chester Hospital in 2018/19 – more than four every week.

Statistics revealed in the latest annual report show information was disclosed in error 86 times, lost in transit 33 times and disposed of in a ‘non-secure’ way 22 times.

Unauthorised access or disclosure accounted for a further 28 breaches and on one occasion information was uploaded to the hospital trust’s website in error.

The report also includes details of an incident when a laptop was stolen from the GP assessment unit (GPU) at the Liverpool Road site in March this year.

It states that all the data was encrypted and analysis proved the device was not logged-on at the time of the offence. Cheshire Police are still investigating.

In a statement to The Standard, Deputy Chief Executive Alison Kelly said: “As a hospital everything we do is about ensuring the safety of our patients and this extends to protecting their personal data and sensitive information. Every Countess employee completes annual training around this issue and if an incident occurs we investigate it thoroughly and offer additional training if required.”

She added: “We take this very seriously and it is disappointing when any breach takes place, but we are committed to reporting and learning from these incidents to improve our practices and better protect our patients in future.”

The annual report for 2018/19 states that the trust’s most recent Data Security and Protection Toolkit (DSPT) assessment identified two areas of concern – ‘Supplier Assurance and IT Security’.

Dr Susan Gilby, the Countess of Chester Hospital NHS Foundation Trust’s chief executive, writes: “An action plan is in place to address these gaps and to ensure full ongoing compliance with the General Data Protection Regulations (GDPR).

“There is still further improvement required regarding Data Security even though NHS Digital has positively recognised the work undertaken to date. However, this is high on the informatics agenda and a key focus for the coming year. An improvement plan is in place which is monitored by the Information Governance Committee.”

Summary of personal data related incidents in 2018/19:

  • Corruption or inability to recover electronic data 0
  • Disclosed in Error 86
  • Lost in Transit 33
  • Lost or stolen hardware 1
  • Non-secure Disposal – hardware 0
  • Non-secure Disposal – paperwork 22
  • Uploaded to website in error 1
  • Technical security failing (including hacking) 0
  • Unauthorised access/disclosure 28
  • Other 67