The number of data breaches in the NHS fell by only one per cent last year, almost flatlining after last year’s record number of breaches – despite previous warnings by the Information Commissioner’s Office (ICO).

Figures in the ICO’s annual report, published last week, show that there were 165 data breaches – potential losses of confidential patient records – between 1 April 2010 and 31 March 2011. This compares with 167 data breaches in the previous financial year.

Incidents of data loss this year include the faxing of two patients’ records to an incorrect address, and a member of staff taking 29 patient records home to update a training log and misplacing them.

Speaking about the figures, Information Commissioner Sir Christopher Graham said that “the security of data remains a systemic problem”.

He added that the ICO is working with the Department of Health to tackle these issues. “The sector needs to bring about a culture change so that staff give more consideration to how they store and disclose data,” Graham said.

The ICO this month issued five ‘undertakings’ to health organisations, requiring them to train staff and improve their procedures in order to reduce the risk of data loss.

The NHS data breach figures used to be revealed annually in a separate publication, but are now published within the ICO’s annual report.

An ICO spokesperson explained that the change was made because other sectors do not have their figures published at all.

Speaking last year to CSW, Sir Christopher said: “I’m confident that we’re doing what we should be doing to raise the profile of the issue.”

Written by Joshua Chambers, CSW