Around a third of junior doctors currently use universal serial bus (USB) sticks as a means of saving and storing patient data, to pass on to other members of the clinical team at the end of a shift. These should be stored on secure sticks which use at least 129-bit encryption protection, to be used solely on the trust’s computers but E-Health Insider has been told that this is far from the case. Matthew Daunt, a foundation year one doctor, at the Nottingham trust, told E-Health Insider: “Many junior doctors do not use encrypted USB sticks, but instead tend to use the ones provided by drug companies free of charge. These records are not protected and can be viewed on any computer using software such as Excel, Word or Access.”

In research for the British Medical Journal, Daunt asked 50 junior doctors about their electronic storage of patient data. Thirty six of them stored patient data electronically, 20 using a USB stick, three a floppy disk, and 13 a hospital computer hard drive. None of the 20 USB sticks had 128-bit encryption, and only three had password protection – even this was still insufficient for the trust’s requirements. Four doctors used the same device on their personal computer, two of which had patient data stored on them. Daunt told EHI that the trust had turned a blind eye to this use, until they had to inform a patient that his data was potentially in the public domain.