NHS trusts compromised patient confidentiality in more than 800 separate incidents in the last three years, according to Freedom of Information Act information.
This equates to a breach of patient medical records five times a week, according to privacy campaign group Big Brother Watch, who conducted the research.
The breaches they discovered included 23 incidents of patient information being posted on social networking sites and 91 incidents of NHS staff looking up details of colleagues, as well as 24 incidents where patient information was stolen, lost or left behind by staff.
Despite these breaches of Data Protection policy, just 102 cases resulted in dismissal of staff, says the campaign group.
Nick Pickles, Director of Big Brother Watch, said: “This research highlights how the NHS is simply not doing enough to ensure confidential patient information is protected.
“As the summary care record scheme is rolled out and an increasing number of people have access to private patient information, urgent action is needed to ensure our medical records are safe.”
The report comes days after the Commons Justice Select Committee argued courts should have the power to punish people breaching the Data Protection Act with prison sentences, saying fines are an “inadequate” deterrent.
Speaking at the 10th annual data protection compliance conference in London, Information Commissioner Christopher Graham said data breaches in the NHS continue to be “a major problem”.
Of the 47 undertakings the ICO has agreed with organisations that have breached the Data Protection Act since April, more than 40% were in the healthcare sector.