A London Community Healthcare trust has been slapped with a fine of £90,000 after the Information Commissioner’s Office found it in serious breach of the Data Protection Act.
The watchdog, which had its website hacked last week amid accusations that it didn’t protect citizens’ privacy enough, first became aware of the NHS Trust’s wrongdoings back in March 2011.
This was after patient lists from the Pembridge Palliative Care Unit, intended for St John’s Hospice, were faxed to the wrong recipient.
The patient lists were said to contain sensitive personal data relating to 59 individuals. This included medical diagnoses and information relating to their domestic situations and resuscitation instructions.
The individual informed the Trust in June that they had been receiving the patient lists, which consisted of around 45 faxes over a three-month period. However, they claimed that to protect privacy, they had shredded them.
The ICO conducted an investigation that found the trust had failed to have sufficient checks in place to ensure sensitive information sent by fax was delivered to the correct recipient. It also barked at the trust for failing to provide robust data protection guidance and training to the members of staff who had accidentally sent the faxes.
Stephen Eckersley, the ICO’s Head of Enforcement, said that the fact that this information was sent to the wrong recipient for three months without anyone noticing made the case “all the more worrying”.