Calls for top NHS managers to be fired for data security breaches as patients avoid hospitals with poor reputations


PATIENTS are demanding hospital chief executives and high-level managers be sacked or heavily fined for breaches of privacy and data losses.

In the wake of a number of high-profile reports where sensitive information has been lost, stolen or wrongly accessed by staff, a survey by healthcare privacy solutions provider, FairWarning, reveals 87% of people want managers to be held personally accountable for security failings. The poll covered 1,001 patients, a large proportion of whom claimed confidentiality concerns had a major impact on a trust’s overall reputation, and a direct impact on public health outcomes.

The results are published in a white paper entitled: UK: How Privacy Considerations Drive Patient Decisions and Impact Patient Care Outcomes. It shows that 87.1% of those questioned felt chief executives and other top-level staff should be sacked or fined if it could be proved they were aware of the risks, but failed to act and there had been a serious breach. Just 1.3% of those questioned did not want direct sanctions for managers.

The survey also found that 73% of those questioned want better enforcement of the rules and regulations around data security, and 62% want national league tables to be made available showing the best and worst performers. And 86.5% of people warned that a serious breach of personal data would do severe or considerable damage to a hospital’s reputation. In fact, 37% of people said they would travel more than 30 miles to visit another centre if their local provider had a poor security record.

Organisations with poor track records are also accused of putting health at risk as one in four of those quizzed admitted they would, or have, put off seeking treatment, and more than half would withhold information from clinicians if they thought the data would not be safe.

Kurt Long, founder and chief executive of FairWarning, said: “Modern patient care is very much information-based. Any obstacle to the free flow of information between care providers and patients, such as those caused by privacy concerns, can prevent patients from receiving the best possible care. Patients across the UK have enormous faith in the NHS, but this survey reveals that more needs to be done for medical information to be shared and exchanged securely, and so to ensure the best patient outcomes.”

Other key findings from the survey include:

  • 97.1% believe NHS chief executives and top managers have a legal and ethical duty to protect their data
  • 77% believe managers should do more to stop unauthorised accessing of medical records
  • 72.9% said serious or repeated privacy breaches would reduce their confidence in the quality of care provided by a hospital
  • 55.8% feel existing laws are not adequately enforced
  • 29.4% do not believe their hospital or healthcare provider has proper privacy safeguards

Of those taking part, 41 – or 4% - said they were aware their records had already been breached; four by a friend, nine by a family member, six by a co-worker and six by a healthcare worker unknown to them. Of those, eight were victims of identity theft, two had private information used against them in a law suit, and six became the subject of gossip. Three people reported serious financial consequences, one person lost their job, eight needed credit monitoring to protect against crime, five had incorrect medical information added to their files, and nine had to invest significant time and effort into putting the situation right.

When it came to discovering the breach, some 28 were informed by the trust within 30 days of the breach taking place, and four found out themselves. The response of those organisation involved once a breach had been discovered was viewed positively, with 29 people ‘satisfied’ or ‘very satisfied’ with the outcome.

On a more positive note, 53.2% of respondents said they believed the NHS was committed to protecting their personal data, and 75.5% value electronic medical records as a way for clinicians to share information and keep it up to date.

Ted Boyle, specialist healthcare IT consultant and former systems administration and security manager at NHS Lothian, said of the findings: “It is vital for the future of the NHS that patient information can be freely exchanged between the clinicians. At the same time patients have a right to expect that sensitive information about them will remain confidential. For this to happen it is essential that advanced security systems are in place to monitor exactly who is accessing people’s records in order to prevent patient data from being abused.”

Sign up for your free email newsletter

Where FairWarning has introduced privacy breach detection systems and auditing solutions to monitor electronic records systems, the levels of staff snooping into patient files with no professional reason to do so has been reduced by 97% on average.