The potential for information to go missing within NHS Trusts could be wider than originally thought.
As the NHS battles back after a global cyber-attack, a new survey has revealed deep underlying problems in how it copes with data breaches.
That’s according to Crown Records Management, a records storage specialist based in Livingston, whose study found that 20% of healthcare organisations don’t have a comprehensive information governance programme in place and 76% don’t upgrade servers regularly.
Its research shows NHS Trusts are failing to invest in upgrading servers and do not always have robust policies in place to cope with breaches.
The survey, which polled IT decision makers in healthcare organisations, also found that:
- A fifth say their organisation does not have a comprehensive information governance programme in place. Another 9% don’t know if it does or not
- 74% do not regularly upgrade servers
- 13% have already reported a data breach at their organisation
- 16% either don’t know who to report a breach to – or are unsure
- 7% don’t know what constitutes a breach
- Only 43% are ‘very confident’ staff are adequately trained and aware of their responsibilities around preventing data breaches
The results come hot on the heels of a survey into preparations for the forthcoming EU General Data Protection Regulation, which will bring in huge fines for organisations which suffer a data breach after May 2018.
The figures showed that nearly a fifth of NHS Trusts had cancelled preparations for the Regulation in the mistaken belief that it would not apply to them after Brexit – and 9% admitted they didn’t even have plans to train staff on data protection.
John Culkin, Director of Information Management at Crown Records Management, believes the results are worrying.