Disaster easily averted? Data confidentiality and the hospital desktop computer.

OBJECTIVE

We specifically identified the hospital desktop computer as a potential source of breaches in confidentiality. We aimed to evaluate if there was accessible, unprotected, confidential information stored on the desktop screen on computers in a district general hospital and if so, how a teaching intervention could improve this situation.

DESIGN

An unannounced spot check of 59 ward computers was performed. Data were collected regarding how many had confidential information stored on the desktop screen without any password protection. An online learning module was mandated for healthcare staff and a second cycle of inspection performed.

SETTING

A district general hospital.

PARTICIPANTS

Two doctors conducted the audit. Computers in clinical areas were assessed. All clinical staff with computer access underwent the online learning module.

INTERVENTION

An online learning module regarding data protection and confidentiality.

RESULTS

In the first cycle, 55% of ward computers had easily accessible patient or staff confidential information stored on their desktop screen. This included handovers, referral letters, staff sick leave lists, audits and nursing reports. The majority (85%) of computers accessed were logged in under a generic username and password. The intervention produced an improvement in the second cycle findings with only 26% of computers being found to have unprotected confidential information stored on them.

CONCLUSIONS

The failure to comply with appropriate confidential data protection regulations is a persistent problem. Education produces some improvement but we also propose a systemic approach to solving this problem.