(2) how many incidents involving the loss of patients’ confidential medical data there have been in transfer between medical institutions in each of the last 12 months.
[holding answer 14 January 2008]: Each national health service body is responsible for compliance with data protection legislation and their boards are legally accountable. The Department provides clear guidance to help them do this. It does not routinely collect information about incidents of loss of patient data. Comprehensive information for the period concerned is not held centrally, and can be obtained only at disproportionate cost.
The Department is committed to ensuring that good practice is followed and that lessons are shared in the interests of improving protection of patient data across the NHS.
[holding answer 14 January 2008]: The Department has published clear rules and guidelines on the management of personal data by national health service bodies. These are in the form of three codes of practice on maintaining data confidentiality, security, and good records management, supported by numerous good-practice guidelines. An internal web-based resource, the NHS information governance toolkit, makes this guidance accessible to all parts of the NHS, and all major NHS organisations are required to provide an annual performance assessment against the standards derived from the three codes of practice.