The East Midlands Ambulance Service has lost a data storage device containing 42,000 patient report forms - the second time it has lost sensitive patient data in three years.
The ambulance service has reported the loss to the Information Commissioner's Office (ICO), which is now investigating the incident. As it's not the first time the service has lost patient data, it now faces an ICO fine.
Sue Noyes, East Midlands Ambulance Service chief executive said: "We express sincere apologies for a patient data loss incident which we have reported to the Information Commissioner."
She said a data cartridge [like the one pictured] containing just under 42,000 electronic copies of scanned handwritten patient report forms - which are believed to be from September 2012 to November 2012 - went missing from the service's Beechdale divisional headquarters in Nottingham.
She said "the cartridge is small" and that there was "a possibility that it is still on our premises". She added that a "thorough search of the building" was being made.
Noyes added: "We are certain the data can only be read via specific hardware which we have in our premises, and which is no longer in production i.e. it is obsolete.
"Therefore it is unlikely that the information stored on the missing cartridge can be viewed by anyone outside of the organisation."
The loss has also been reported to Nottinghamshire Police. Noyes said the data loss was "extremely unfortunate", as during this financial year the service is replacing the current computerised storage system to strengthen security arrangements.
The ambulance service said "information governance training" takes place annually at the organisation, and features in the induction for new recruits. It said an internal audit earlier this year, provided "significant assurance that there is a sound system in place to support information governance".
However, East Midland Ambulance Service has form. In July 2011, it was reported that five NHS trusts had been issued with ICO undertakings, all of which the data protection body said "relate to incidents where they failed to take appropriate steps to ensure that sensitive personal information was kept secure".
Among the undertakings, East Midlands Ambulance Service NHS Trust lost an unencrypted memory stick containing sensitive personal data relating to a number of patients.
Regarding the latest incident, people who received an ambulance response during September 2012 to November 2012, and who had their details recorded in handwriting on a paper patient report form, can contact the ambulance service for more information, it said.
Sign up for CIO Asia eNewsletters.