Disaster easily averted? – Data confidentiality and the hospital desktop computer

• Patient confidentiality is vital.
• Hospital staff are poor at securing data on the desktop computer.
• Training and awareness can only improve matters so far.
• Systemic changes are required to prevent disasters.

ObjectiveWe specifically identified the hospital desktop computer as a potential source of breaches in confidentiality. We aimed to evaluate if there was accessible, unprotected, confidential information stored on the desktop screen on computers in a district general hospital and if so, how a teaching intervention could improve this situation.DesignAn unannounced spot check of 59 ward computers was performed. Data were collected regarding how many had confidential information stored on the desktop screen without any password protection. An online learning module was mandated for healthcare staff and a second cycle of inspection performed.SettingA district general hospital.ParticipantsTwo doctors conducted the audit. Computers in clinical areas were assessed. All clinical staff with computer access underwent the online learning module.InterventionAn online learning module regarding data protection and confidentiality.ResultsIn the first cycle, 55% of ward computers had easily accessible patient or staff confidential information stored on their desktop screen. This included handovers, referral letters, staff sick leave lists, audits and nursing reports. The majority (85%) of computers accessed were logged in under a generic username and password. The intervention produced an improvement in the second cycle findings with only 26% of computers being found to have unprotected confidential information stored on them.ConclusionsThe failure to comply with appropriate confidential data protection regulations is a persistent problem. Education produces some improvement but we also propose a systemic approach to solving this problem.