Following recent spates of serious lapses in personal data security, the Welsh Liberal Democrats have tabled a motion tomorrow that urges the Welsh government to identify what measures it is taking to safeguard the personal data it, and the services it funds, hold on people in Wales.
From children’s ward medical records found in a puddle, patients details being sent to wrong addresses to 100 floppy disks containing sensitive data about patients medical records lost, personal data loss seems relentless and it needs to stop.
The party is calling for the Labour-Plaid government to do more to ensure that personal data held by public authorities are kept safe. People, especially patients, have a right to expect their personal information held by public authorities to be treated with the utmost care as recent incidents over personal data loss are shocking and the degree of negligence in some cases is breathtaking.
The recent loss of data has already shaken the confidence of the people who use these services. We need assurances from the Welsh government, especially from the Health Minister that procedures have been put in place to ensure that future data losses do not occur.
We need a fundamental re-examination of how the NHS deals with personal data and I urge the Welsh government to consider our proposals to ensure that the loss of confidential data is Wales is minimised.
The Welsh Liberal Democrats four priorities to stem the loss of confidential data are:
1. The Health Minister should publish minimum standards for the protection of data on mobile devices and ensure that all NHS staff are aware of their particular responsibilities.
2. As a general principle, patient records should not be stored on mobile devices and strict rules must apply to control the copying of data. Any exceptions must be authorised after a risk assessment and only where it is unavoidable for the completion of work duties and the provision of care.
3. All mobile data devices should be protected through appropriate security controls regardless of the sensitivity of the information held. This includes the use of authentication, encryption, and other technical separation controls as well as registration and allocation of devices to an ‘owner’.
4. Lapses in standards of care should be regarded as potential serious misconduct.
Related posts:
