The Information Commissioner’s Office (ICO) has slammed the NHS after the discovery of major data breaches.
It has lambasted the Stoke-on-Trent Trust, which did not file the records of 2,000 physiotherapy patients within its archive; the records were accidentally destroyed or misfiled. Basingstoke and North Hampshire NHS Foundation Trust has also come under fire for breaching the Data Protection Act (DPA) by emailing an unsecured spreadsheet containing 917 patients’ pathology results and information to another department.
Both NHS organisations’ chief executives have signed formal undertakings outlining that they will process personal information in line with the DPA.
According to the organisation, a quarter (250) of all data breaches reported to the ICO are from the NHS.
Mick Gorrill, head of enforcement at the ICO, said: “Everyone makes mistakes, but regrettably there are far too many within the NHS. Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information.
“We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law. We will continue to do so.”
However, it seems the ICO isn’t willing to go a step further. It said last week that it has no intention of lobbying the government to introduce measures that would make it mandatory for organisations to report data losses.