NHS trusts have been warned to be more careful with patient data after losses which include information being left on a bus.
The Information Commissioner's Office (ICO) issued the warning after finding five NHS organisations had broken the Data Protection Act.
A Surrey and Sussex NHS Trust ward handover document with information about 23 patients was found on a bus.
The trust also reported that two laptop computers had been stolen, despite there having been three locked doors between the laptops and members of the public. However, the data on them were not encrypted.
An unencrypted CD thought to contain treatment details for 20,000 people was also lost from a hospital run by The Royal Free Hampstead NHS Trust. The trust later said it could not say exactly what information was on the disk.
Meanwhile, Epsom and St Helier University Hospital NHS Foundation Trust stored records insecurely for almost two years, the ICO said, and an unencrypted laptop, which had data for 349 patients and 258 staff on it was stolen as a Hampshire Partnership NHS Trust employee attended a conference.
Chelsea and Westminster Hospital Foundation Trust also reported that an unencrypted memory stick was stolen from an unlocked office which was being used as a clinic. It had the details of 143 patients on it.