East Midlands Ambulance Service (EMAS) has published the results of an investigation into a patient data disc that went missing from its headquarters in the summer — and has yet to be found.
As previously reported, a floppy disc containing almost 42,000 patient forms went missing from EMAS HQ in Nottingham on August 24.
The disc contained just under 42,000 electronic copies of scanned handwritten Patient Report Forms, for those who used the service between September 2012 and November 2012.
Nottinghamshire Police were alerted despite no evidence of a break in, and a thorough search of the building for the disc was conducted.
The disc is still missing somewhere within the premises.
The EMAS investigation looked into why the cartridge went missing and how this could be avoided in future, and EMAS also reported the incident to the Information Commissioner and NHS organisations who monitor and regulate the service.
The investigation states police concluded no crime had been committed, and despite an investigation led by an external Information Technology specialist commissioned by EMAS, it is not clear how the cartridge was actually lost.
The investigation also flagged that there were flaws in how EMAS was storing such data in the first place, with the system information was stored on being obsolete and not fit for purpose.
Now the organisation will work to improve data storage, as well as more CCTV around the safe in which data is kept, reduced reliance on agency staff, a dedicated IT staff member for managing information security and revising and publishing the EMAS Standard Operating Procedure.
The Trust Board also approved a new Information Management and Technology (IM&T) Strategy.
Sue Noyes, EMAS Chief Executive said: “We made a proactive announcement of the loss of a data cartridge in August, when it could not be located in the secure safe where it should have been stored.
“We expressed our apologies to our patients at that time, and would like to reiterate those apologies now. It is important to note that during this financial year we had already agreed to replace this specific computerised storage system and to strengthen security arrangements.
“We took a proactive approach to report this loss because we knew it was our duty to inform people that such an incident had occurred.
“We are taking the same approach in publishing the outcomes of the investigation. We are an open, honest and transparent service, which learns from its mistakes and takes actions to minimize the risk of such an incident happening again.”
EMAS Director of Information and Performance, Will Legge, added: “We fully accept the responsibility to improve security of information management at EMAS, and we are confident the actions we have taken and committed to in our strategy will deliver the long-term improvements required to help us achieve our Better Patient Care improvement plan.”