Nine NHS trusts in England have admitted losing patient records in a fresh case of wholesale data loss by government services, it has emerged.

At least 168,000 patients have been affected by the breaches, which came to light during a data security review by the Government.

The Department of Health said that patients had been told of the losses and that there was no evidence that data had fallen into the wrong hands.

Opposition parties condemned the systems of record-keeping that led to the security breaches, after losses of the details of millions of child benefit claimants and drivers in recent weeks.

Q&A: how can I protect myself?

Advice for anyone who fears their personal data may be misused by fraudsters after Britain's worst ever security breach

• Government under pressure over taxman's giant blunder

Related Internet Links

• Online security: full coverage

BACKGROUND

• Police step in as other CDs have gone astray

• Moment’s blunder puts half the country at risk

• Data watchdog seeks dawn-raid powers

• New data law 'urgently needed'

Related Links

• Bad news buried under an avalanche of data

• Intelligence chief to review data security

One of the breaches was thought to be the loss of names and addresses of 160,000 patients by City and Hackney Primary Care Trust, after a disc failed to arrive at a hospital in East London. Another, lost by Gloucester Partnership Foundation Trust, included archive records on patients treated 40 years ago – none of whom is still alive.

The details of the data lost by the other trusts involved – Bolton Royal Hospital, Sutton and Merton PCT, Sefton Merseyside PCT, Mid-Essex Care Trust, and Norfolk and Norwich Trust – have not been disclosed. The East and North Hertfordshire Trust reported a loss but has since found its missing data. Maidstone and Tunbridge Wells NHS Trust has also reported two breaches.

The Department of Health said that the security breaches were being dealt with locally. A spokesman said that investigations were under way and action would be taken against anyone who had failed to fulfil their responsibilities under data protection laws.

The disc containing information on 160,000 patients for the East London hospital had been “encrypted to an extremely high level of security”, he said, adding that another 8,000 patients’ records from the other trusts had been affected but only a small proportion contained clinical data.

Andrew Lansley, the Shadow Health Secretary, said yesterday: “You have to wonder why on earth it took the Revenue & Customs to lose their discs and for the Government to institute an inquiry across government for these losses of data to come to light. It does feel like there’s a sense in all parts of government that we’re required to provide data and we are constantly told that it will be protected, but in reality that level of protection simply isn’t there.”

Norman Lamb, the Liberal Democrat health spokesman, said: “The whole culture of data management in the public sector has to change.”

Richard Vautrey, of the British Medical Association, said that there was a strong case for patients having their information immediately available when they saw doctors in different medical situations. But he added: “It’s vitally important that any development of centralised systems is done in a careful and measured way.”

Joyce Robins, of the patient support group Patient Care, said that ministers could not gloss over yet another “scandal”. She said: “Health records can have anything from your ex-directory phone number to your HIV status.”

The department said: “Since the heightened concern about data protection, a small number of trusts have reported breaches of their own security rules. There are strict guidelines and procedures for dealing with breaches.” The Post Office apologised last night to thousands of pensioners when it emerged that about 120 account statements were sent to the wrong customers. The incident came to light in a memo from a civil servant at the Department for Work and Pensions, which said that 5,500 monthly Post Office card account statements had been mixed up. It later said that the number of accounts that had been sent to wrong addresses was much lower.

Losing streak

Nov 20 News of two CDs with details of 25 million Britons lost in post from a Revenue & Customs office in Tyne & Wear

Nov 23 It emerges that six more CDs with confidential information went missing in the HMRC post

Dec 5 HMRC admits seven serious security breaches in past 2 years

Dec 7 Details of up to 60,000 people lost by Citizens Advice Bureau after a laptop was stolen

Dec 17 Government says records of more than three million British learner drivers lost in the US

Dec 18 HMRC admits losing data of 6,500 private pension holders

Explore Health

• Expert Advice

• Health Features

• Mental Health

• Alternative Medicine

• Child Health

• Health Club