Cambridgeshire Community Services NHS Trust has improved some of the information governance issues exposed by investigations into a series of data losses and thefts, according to the Information Commissioner’s Office.
Trust chief executive Matthew Winn entered into an improvement undertaking with the ICO last year after a probe into the data breaches at the organisation, which provides a range of health services to residents in Cambridgeshire, Norfolk, Suffolk and Bedfordshire.
While the ICO investigation found that none of the incidents appeared to have caused substantial damage or distress to the individuals affected, it was discovered that trust employees were only required to refresh their information governance training every two years. An annual requirement was introduced nationally in 2013.
The ICO said the level of required mandatory annual refresher training at the trust had been “poor” at the time the improvement undertaking was signed.
Related content
Police chief signs data-protection undertaking after ICO exposes failings
Cambridgeshire broadband take-up triggers £5.3m boost from BT
In its just-published follow-up report, the ICO said the trust had confirmed the introduction of a range of measures to ensure information governance training was kept up to date.
It said an electronic staff record system had been introduced to enable monitoring of staff compliance with e-learning training on the Health and Social Care Information Centre website.
The ICO said the system was able to identify staff who were on long-term sick leave, maternity leave or secondment, ensuring compliance statistics were recorded accurately.
The follow-up report also said that e-mail reminders were sent to staff about their IG training, which had to be completed within three months of employment commencing, and annually thereafter.
The ICO said: “The review demonstrated that the trust has taken appropriate steps and put plans in place to address the requirements of the undertaking and to mitigate the risks highlighted.”
The improvement undertaking, signed by Winn and ICO head of enforcement Stephen Eckersley in July 2015 suggested that at the time of the data-loss incidents the previous year, only 49% of staff were compliant with information governance training requirements, and that a target of achieving full compliance by March 2015 had been missed.
The ICO said compliance had reached 95% by September 2015.