Shelley Thomas
27 October 2011
The Information Commissioner has today issued a press release regarding an undertaking it has required University Hospitals Coventry and Warwickshire NHS Trust to give after twice breaching the Data Protection Act by losing patients’ medical information.
In the first instance, records in the control of the Trust and relating to 18 patients were found in a communal waste bin at an apartment block, after being taken home by a member of staff and disposed of in a bin along with other rubbish.
In the second incident a member of the public discovered medical records relating to a patient, allegedly in a bin outside Coventry University Hospital.
The ICO has investigated and found that the Trust’s policies and procedures on the use of personal data were not sufficient, and has ordered the Trust to:
- review its policies to make sure that personal data is adequately protected and disposed of;
- train staff to follow the Trust’s updated guidelines and new procedures governing the handling of clinical data; and
- carry out routine monitoring to ensure that procedures are being followed.
This case involved two breaches of Principle 7 of the Data Protection Act 1998 (the obligation to take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data) and highlights the approach that the Information Commissioner takes when such breaches are reported to him.
The case also highlights the fact that breaches of the Act (and in particular Principle 7) can involve hard copy, rather than electronic, data.
The Trust was perhaps fortunate that the Information Commissioner did not use the powers he has had since April 2010 to impose a monetary penalty on the Trust, as multiple breaches of the Act is one of the factors that will usually be regarded by the Commissioner as aggravating, and could lead him to take the decision to impose a monetary penalty.
The full story can be viewed here: http://www.ico.gov.uk/news/latest_news/2011/patients-details-binned-on-two-occasions-27102011.aspx
For the
latest updates, news and alerts, follow us on twitter:
