Neeraj Sethi1, Gethin Lane2, Sophie Newton2, Philip Egan3, Samit Ghosh2. 1. Calderdale Royal Hospital, West Yorkshire, United Kingdom. Electronic address: neerajsethi@doctors.org.uk. 2. Calderdale Royal Hospital, West Yorkshire, United Kingdom. 3. Leeds Institute of Molecular Medicine, United Kingdom.
Abstract
OBJECTIVE: We specifically identified the hospital desktop computer as a potential source of breaches in confidentiality. We aimed to evaluate if there was accessible, unprotected, confidential information stored on the desktop screen on computers in a district general hospital and if so, how a teaching intervention could improve this situation. DESIGN: An unannounced spot check of 59 ward computers was performed. Data were collected regarding how many had confidential information stored on the desktop screen without any password protection. An online learning module was mandated for healthcare staff and a second cycle of inspection performed. SETTING: A district general hospital. PARTICIPANTS: Two doctors conducted the audit. Computers in clinical areas were assessed. All clinical staff with computer access underwent the online learning module. INTERVENTION: An online learning module regarding data protection and confidentiality. RESULTS: In the first cycle, 55% of ward computers had easily accessible patient or staff confidential information stored on their desktop screen. This included handovers, referral letters, staff sick leave lists, audits and nursing reports. The majority (85%) of computers accessed were logged in under a generic username and password. The intervention produced an improvement in the second cycle findings with only 26% of computers being found to have unprotected confidential information stored on them. CONCLUSIONS: The failure to comply with appropriate confidential data protection regulations is a persistent problem. Education produces some improvement but we also propose a systemic approach to solving this problem.
OBJECTIVE: We specifically identified the hospital desktop computer as a potential source of breaches in confidentiality. We aimed to evaluate if there was accessible, unprotected, confidential information stored on the desktop screen on computers in a district general hospital and if so, how a teaching intervention could improve this situation. DESIGN: An unannounced spot check of 59 ward computers was performed. Data were collected regarding how many had confidential information stored on the desktop screen without any password protection. An online learning module was mandated for healthcare staff and a second cycle of inspection performed. SETTING: A district general hospital. PARTICIPANTS: Two doctors conducted the audit. Computers in clinical areas were assessed. All clinical staff with computer access underwent the online learning module. INTERVENTION: An online learning module regarding data protection and confidentiality. RESULTS: In the first cycle, 55% of ward computers had easily accessible patient or staff confidential information stored on their desktop screen. This included handovers, referral letters, staff sick leave lists, audits and nursing reports. The majority (85%) of computers accessed were logged in under a generic username and password. The intervention produced an improvement in the second cycle findings with only 26% of computers being found to have unprotected confidential information stored on them. CONCLUSIONS: The failure to comply with appropriate confidential data protection regulations is a persistent problem. Education produces some improvement but we also propose a systemic approach to solving this problem.