A British Hospital lost the personal information of 87 patients when a medical student mislaid an unencrypted memory stick.
According to the British privacy watchdog, the Information Commissioner's Office (ICO), the trust breached the Data Protection Act when the personal details of patients, and sensitive information relating to their treatment, were lost last December.
The mistake happened when a medical student, who had been on a placement at the hospital's Burns and Plastics Department, copied data onto a personal, unencrypted memory stick for research purposes.
The ICO's investigation found that the hospital had assumed that the student had received data protection training at medical school and did not provide him with the induction training given to its own staff.
The hospital has now agreed to take steps to ensure that the personal information accessed by students is kept secure.
"This case highlights the need to ensure data protection training for healthcare providers is built in early on, so that it becomes second nature," said ICO acting head of enforcement Sally Anne Poole.
“Medics handle some of the most sensitive personal information possible and it is vital that they understand the need to keep it secure at all times, especially when they are completing placements at several health organisations.
A further undertaking was also signed by the London Ambulance Service, which breached the Data Protection Act after a personal laptop was stolen from a contractor's home.
The laptop contained contact details and transport requirements relating to 2664 patients.
In July, Australian Privacy Commissioner Timothy Pilgrim recommended laws that would that would tighten use and disclosure of data and penalise any privacy breaches of e-health records.
The Government expected up to 500,000 Australians to be using the new Personally Controlled E-health Records (PCEHR) prior to the official 1 July 2012 launch.