Data Breaches by UK Health Services Staff Are Increasing

Pablo Valerio, International Business & IT Consultant | 12/31/2012 | 71 comments

Pablo Valerio
Probably the biggest threat to an organization -- and one that keeps CIOs awake at night -- is damage caused by unethical and disgruntled employees. The biggest security risk, causing the greatest potential damage, are people with legitimate access credentials who either unintentionally leak data, or willfully damage the company by accessing or disclosing sensitive information.

Today, with the enormous amount of extremely sensitive, private, and confidential information stored in electronic health records (EHRs), this threat is now the biggest issue for healthcare providers, IT professionals, and government regulators.

This is creating some serious concerns in Europe, and in the UK, there's a campaign called "The Big Opt Out" that's asking the government to stop collecting private information on electronic health records without patients' consent.

The problem is not really about staff having a peek at some records of family and/or friends, or being curious about a celebrity that they saw at the hospital. It's the potential damage of sharing this information with others, casually or deliberately, for financial gain.

To access a patient file in a hospital, it used to be necessary to go to a physical archive, usually locked and visible, in a place where people needed to show IDs. People could be questioned if they were looking at the wrong file, but even then, that did not stop some from trying. Today, accessing the information from inside can be done in total privacy, with the click of a mouse.

A new report from FairWarning, a provider of turn-key privacy auditing solutions, claims that “The greatest threat is not from lost or stolen laptops and mobile devices, but from staff abusing their legitimate access rights to read electronic records they have no right to see.”

The biggest problem for IT professionals in implementing security measures is that many healthcare professionals need to access the protected health information (PHI) of a patient. Generally, access to patient records is granted to all clinical personnel who may need it, increasing the potential danger of misuse. Limitation of access should not jeopardize the rendering of any care the patient needs.

However, because of the ease of accessing the information, improper access is increasing worldwide. The same report claims that, “On any given day a typical large hospital can expect inappropriate accessing of patient records by staff three to five times,” acts that, if discovered, could potentially destroy the institution’s reputation.

Perhaps the biggest deterrent for illegal access is an audit trail, which is now required by the UK government on all deployed EHR software. If there is suspicion of confidential information being released, the trail could identify by whom, when, and where the patient’s record was accessed. However, according to "The Big Opt Out," software vendors such as EMIS and INPS do not implement the audit trail yet.

Education is the most important step, explains Debbie Terry, NHS Information Governance Lead in the FairWarning report. She goes on to say:

In order to be fully transparent and trusted, providers must make sure that staff are properly trained in privacy policies and practice. Providers also need to make sure their patient record systems are fully secure. In this way they can protect trust and work in partnership with patients to deliver the best possible care.

Healthcare professionals should learn not to let anyone use their devices and/or credentials at any time. Using someone else’s credentials is the easiest way for a data thief to access the information and leave no trail behind.

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 8   >   >>
geeky   Data Breaches by UK Health Services Staff Are Increasing   2/25/2013 9:07:20 AM
Re: Audits
Yes and customer service is something which should be able to help out customers on their issues and should be able to attract them to call more for help. If you get more nad more calls on your hotline from your existing customers than new ones, it means the service is really good from the customer service section.
MDMConsult   Data Breaches by UK Health Services Staff Are Increasing   2/23/2013 4:11:12 AM
Re: Audits
Today, customers have very high expectations in customer service. Companies that can realize that importance in addressing issues via online channels in reference to quality of their services is quite powerful. They have to be able to address various issues accordingly as these issues can make or break them.
geeky   Data Breaches by UK Health Services Staff Are Increasing   2/9/2013 11:26:34 PM
Re: Audits
Yes MDM, there are so many other areas / media avilable and offer good facilities to switch if the customers want to.
MDMConsult   Data Breaches by UK Health Services Staff Are Increasing   2/4/2013 2:18:17 PM
Re: Audits
@Geeky True! Especially today as we are so connected more than ever with how our contacts and reputation is channeled or brought out. More and more customers are turning to the internet, social media sites such as forums, message boards, etc al to voice opinions even complain. Simple actions like being responsive is crucial.
nimanthad   Data Breaches by UK Health Services Staff Are Increasing   1/31/2013 9:35:12 PM
Re: What percentage of such breaches are accidental and what are purposefully done?
If things work fine it's alright but also Susan we must make sure no such breaching is possible since if one happens its no use of any policy or regulations
geeky   Data Breaches by UK Health Services Staff Are Increasing   1/29/2013 9:55:19 AM
Re: Audits
Exactly MDM> You need to protect your reputation to move forward in the world of business today. Thats not because you have to be faithful to your customers but also there are so many competitors around the chances of loosing a business is very thin.
Susan Nunziata   Data Breaches by UK Health Services Staff Are Increasing   1/26/2013 8:49:03 PM
Re: What percentage of such breaches are accidental and what are purposefully done?
@nimanthad: regulations or private policies, whatever works. In any case there should be very clear consequences and they should be enforced for employees who cause a breach. 
nimanthad   Data Breaches by UK Health Services Staff Are Increasing   1/26/2013 3:42:06 AM
Re: What percentage of such breaches are accidental and what are purposefully done?
Yes Suzan thats a huge risk we are taking if we are to proceed with this. I think we should not proceed without strict regulations. It should not just be recorded into a peice of paper but also should be in practical as well.
nimanthad   Data Breaches by UK Health Services Staff Are Increasing   1/26/2013 3:29:24 AM
Re: optout....
Yes true that too will be a breach but the risk is much more higher than going online isnt it.
Susan Nunziata   Data Breaches by UK Health Services Staff Are Increasing   1/11/2013 10:03:35 PM
Re: What percentage of such breaches are accidental and what are purposefully done?
@michaelsumastre: Thanks, it was terrible for him. As far as he knows, they never caught the person responsible. He figured it out only by deductive reasoning, as he is typically protective of his social security number and that facility was the only place in his recent past where he had given it out. Also, some of the early fraud occurred in the city and state where the doctor was located, which was not the same city and state where my friend resided. 
Page 1 / 8   >   >>

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Pablo Valerio
Pablo Valerio   10/3/2013   35 comments
One of the factors keeping doctors from getting a complete picture of a patient's health condition is lack of patient cooperation. Patients are often advised by doctors to regularly record ...
Pablo Valerio   9/25/2013   21 comments
It's nearly impossible to do business anymore without access to huge amounts of data, whenever and wherever you want it. Yet cellular data roaming charges are pricey, WiFi spectrum is ...
Pablo Valerio   9/24/2013   20 comments
Aided by big-data and cloud computing, "personalized medicine" is enabling doctors and researchers to evaluate the potential of existing drugs in different individuals and make better ...
Pablo Valerio   8/28/2013   29 comments
A few weeks ago, Neelie Kroes, vice president of the European Union for the Digital Agenda, warned that American cloud companies could lose $35 billion because of the NSA spying scandal ...
Pablo Valerio   8/21/2013   39 comments
A new study by researchers from the MIT Sloan School of Management, the Hebrew University of Jerusalem, and NYU Stern School of Business shows that many people like or give positive ...
Latest Archived Broadcast
Ist Ihre Infrastruktur auch veraltet und nicht zukunftsfähig? Das Arbeiten in der Cloud wäre die Lösung, aber viele Firmen haben den Übergang zur Virtualisierung und die Cloud verpasst.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
A Video Case Study – Translational Genomics Research Institute
e2 Europe Video

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Sara Peters
Cloud SLAs a Mystery to Users

2|28|13   |   1:15   |   10 comments

A credit card may buy your users cloud services, but it doesn't buy them an understanding of SLAs and privacy compliance.
Sara Peters
Date Set for Next McKinnon Extradition Epic Fail

9|10|12   |   3:11   |   16 comments

The next episode in the 10-year saga of the "UFO hacker" extradition battle will happen Oct. 16.
E2 Interview
Can IT Help Fix the Global Economy?

6|8|12   |   02:32   |   2 comments

We ask CIO Steve Rubinow whether today's IT can help repair the global economy (and if IT played any role in the economy's collapse).
Ivan Schneider
The Infrastructure With the Dragon Tattoo

7|21|11   |   2:54   |   1 comment

Nasdaq OMX is being investigated by Swedish competition authorities as to whether it pressured Verizon to keep a competing exchange called Burgundy from collocating in the same datacenter as its biggest customers.