PMCCPMCCPMCC

Search tips
Search criteria 

Advanced

 
Logo of bmjThis ArticleThe BMJ
 
BMJ. 2007 July 21; 335(7611): 112.
PMCID: PMC1925166
Using Healthcare Data

Security protection is needed when using USB sticks

Matthew Daunt, F1 doctor

Current working hours for junior staff mean that effective patient handovers are critical. Handwritten sheets have been superseded by electronic storage of patient data available to the clinical team.1

Universal serial bus (USB) sticks have greater security risks than other media due to their size, storage capacity, and convenience. Trust policy states that confidential data should be stored on 128-bit encrypted USB sticks, with “if found” labels on them, and be used solely on the trust's computers.

Criminals now recognise the value of personal data in the growing identity theft market. Recently confidential patient data held on an unprotected USB stick were stolen. The trust had to inform the patient and face liability for distress or damage caused, along with public condemnation (D Terry, personal communication, July 2007). In addition, clinical information is lost permanently, and there is the financial cost of replacing equipment.

I asked 50 junior doctors about their electronic storage of patient data. Thirty six of them stored patient data electronically, 20 using a USB stick, three a floppy disk, and 13 a hospital computer hard drive. None of the 20 USB sticks had 128-bit encryption, and only three had password protection (still insufficient for the trust's requirements). Four doctors used the same device on their personal computer(s), two of which had patient data stored on them.

Cognisant of the sensitive patient information held electronically, the Caldicott and data protection adviser has recommended enhanced USB security protection to the trust, with mandatory password protection. The trust intends to supply 128-bit secured USB sticks for medical firms to use on wards, and an extensive communications programme will seek to raise awareness and promote compliance.

Notes

Competing interests: None declared.

References

1. Wade D. Ethics of collecting and using healthcare data. BMJ 2007;334:1330-1. (30 June.) [PMC free article] [PubMed]

Articles from The BMJ are provided here courtesy of BMJ Publishing Group