The privacy watchdog has admitted it is "highly concerned" about the data security procedures in place at NHS trusts and medical facilities.
Information Commissioner's Office (ICO) officials said 250 of the 1,000 data breaches the ICO had received since 2007 came from the NHS. They cited the example of NHS Stoke-on-Trent, which failed to properly file 2,000 paper physiotherapy records in its archives, saying the records may have accidentally been destroyed or misfiled.
A spreadsheet containing 917 patients' pathology results was emailed via an unsecured address to another department at Basingstoke and North Hampshire NHS Trust. The file was not password-protected, and the receiving department had no need for access to the amount of clinical records it contained.
ICO officials also said 8,000 patient details were downloaded onto an unencrypted memory key by a worker at Lampeter Medical Practice. The key was sent to the Health Boards Business Service Centre by recorded delivery but never arrived.
Mick Gorrill, head of enforcement at the ICO, said: "Everyone makes mistakes, but regrettably there are far too many within the NHS. Health bodies must implement the appropriate procedures when storing and transferring patients' sensitive personal information."