Why is it that the NHS is so bad at keeping a secure grip on personal information? Once again the Information Commissioner’s Office (ICO) has found that two NHS bodies have breached the Data Protection Act.
This time it is NHS Stoke-on-Trent and Basingstoke and North Hampshire NHS Foundation Trust who are in trouble, resulting in their chief executives having to sign formal Undertakings outlining that they will process personal information in line with the Act.
The ICO says that 2,000 paper physiotherapy records were not filed within NHS Stoke-on-Trent’s archive system and may have accidentally been destroyed or misfiled. At Basingstoke and North Hampshire NHS Trust a spreadsheet containing 917 patients’ pathology results was emailed via an unsecure address to another department. The spreadsheet was not password protected and the receiving department had no business need to have access to the excessive amount of clinical records.
A quarter of all data breaches reported are from the NHS and as Mick Gorrill, Head of Enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS.”
Fuse Learning has been well aware of the problem for some time and has flagged it up in the past. More practically, we offer training to NHS organisations in information governance and data protection.
www.ico.gov.uk
Visit the Fuse Learning website: http://www.fuselearning.co.uk/
You must log in to post a comment.