Document management specialists Ricoh UK think it’s time for a health check on NHS document security

Share Article

With the big data explosion set to continue indefinitely, the challenge of managing increasing volumes of information will be one the public sector needs to meet head-on. To do this, it must conduct a far-reaching rethink on its approach to document management.

NHS document security

Paper documents need to be digitised, robust policies and procedures for the management and sharing of information need to be implemented and an overarching information management strategy needs to be implemented immediately.

The recent revelation that the NHS is estimated to have lost 1.8m patient records in the last year alone presents a worrying picture of the public sector’s approach to document management. This figure equates to a total loss of around 5,000 documents going missing every day, an astonishingly high level of data leakage, made worse by the fact that the documents contain personal and confidential information. Patients should expect the highest standards of security in place to store, share and manage their personal information, and looking at these figures, they are being badly let down.

The consequences of this continued leakage are also financial, with individual incidents adding up to hundreds of thousands of pounds worth of fines from Information Commissioner’s Office. So decision-makers in the NHS need to act urgently to avoid preventable incidents of document loss, to save money and restore public trust in their ability to hold sensitive information, securely.
Of course, when it comes to managing multiple confidential documents, across different departments in different parts of the country, there will always be an inevitable element of risk. But looking at the list of incidents in the findings it appears that many of the instances could and should have been prevented.

The findings revealed numerous examples of paper-based documentation falling into the wrong hands. In one incident, confidential patient records were dumped at a disused hospital site, only to be obtained by trespassers and published on the internet, a terrifying situation and one which should not have been allowed to occur. In another incident, confidential records were discovered dumped in a bin, echoing the well-publicised Oliver Letwin leakage incident from last year.
Nobody is saying that paper-based documents shouldn’t exist, but incidents like these raise fresh questions about overall processes for managing confidential documentation. For example, these incidents could have been prevented if the information was digested and shared via secure systems, or at the very least tracked and followed to ensure it was disposed of securely.
Other examples in the findings highlight how disjointed systems and misuse of technology has helped fuel document leakage. One example revealed that 59 patient records containing confidential and sensitive data was faxed to the wrong person, after the administrator dialed the wrong number. Again, this example calls into question the policies and procedures in place for sharing information between departments and with patients. Perhaps this could have been avoided by use of a central, secure online portal, or office technology that reduces the chance of human error by only routing documents – including faxes – to approved destinations. At the very least, a double check from additional members of staff that the fax number was correct could have been carried out.

It has since been reported that the Information Commissioner’s Office is asking for special powers to conduct compulsory audits on hospitals and NHS trusts, a move which raises further questions about the nature of security standards in the health sector. If implemented, then these audits could expose further shortfalls in security procedures and help rectify the problem, but much more needs to be done.

We live in a connected world, and all public sector organisations trusted with our sensitive, personal information should uphold the very highest standards when it comes to information sharing of critical documents. Simply reacting after the incident after the event will not solve the problem, a radical and bold approach needs to be taken to ensure secure end-to-end document management across the whole organisation.

There is a moral case for delivering high standards of document management, as secure access to critical patient records from anywhere, at anytime will help improve the ability of health professionals to deliver world class services to the public. We have a world class health service, which at the moment is being let down by out of date systems and incidents that can be controlled and prevented with the right systems in place.

With the big data explosion set to continue indefinitely, the challenge of managing increasing volumes of information will be one the public sector needs to meet head-on. To do this, it must conduct a far-reaching rethink on its approach to document management. Paper documents need to be digitised, robust policies and procedures for the management and sharing of information need to be implemented and an overarching information management strategy needs to be implemented immediately. This was also previously outlined in the Coleman Parkes report, entitled 'A New Perspective: Ricoh Document Governance Index 2012.'

So, the NHS has been officially diagnosed with a long standing case of document leakage disease. The solution to this condition lies in overhauling document management systems to ensure secure and flawless sharing of confidential information. Acting now will not only improve services, it will restore trust in the public sector to manage personal information, securely.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Anna Powell
Ricoh UK Ltd.
447891095143
Email >
Follow us on
Visit website