The Information Commissioner's Office (ICO) is "highly concerned" about the data security procedures in place at NHS trusts and medical facilities after two NHS Foundation Trusts were found to be in breach of the Data Protection Act (DPA).
Basingstoke and North Hampshire NHS Foundation Trust sent an unencrypted Excel spreadsheet containing the pathology results of over 900 patients between departments via an unsecured email address, while Stoke-on-Trent NHS Foundation Trust failed to file 2,000 physiotherapy records correctly, putting them at risk of being accidentally lost or destroyed.
Mick Gorrill, head of enforcement at the ICO, said that, with a quarter of all data breaches reported to the ICO involving the NHS, the service needs to do more to protect patients' data. "Everyone makes mistakes, but there are far too many within the NHS," said Gorrill. "Health bodies must implement the appropriate procedures when storing and transferring patients' sensitive personal information. We have taken a number of steps to explain the importance of personal data to NHS bodies and help them comply with the law. We will continue to do so."
Both trusts have agreed to implement measures to improve security. However, it appears that neither trust was fined by the ICO, which earlier this year introduced an increased maximum fine of £500,000 for severe data loss incidents.