The Central London Community Healthcare NHS Trust has become the latest victim of the Information Commissioners Office (ICO) who has imposed an eye watering £90,000 fine after a series of breaches of the Data Protection Act was eventually brought to their attention.
The data breach occurred over a three month period where roughly 45 faxes which contained confidential data belonging to patients were accidentally sent to the wrong person. The Central London Community Healthcare NHS Trust meant to fax the patient lists to St Johnís Hospice. These patient lists contained information which related to 59 people and their diagnoses, their domestic situation and resuscitation instructions.
After a three month period of receiving these patient lists, the individual who had been receiving them eventually told Blightyís health service. The individual stated that they have been receiving these patient lists and that they had shredded them to ensure that the information didnít go any further.
ICO head of enforcement Stephen Eckersley has commented on this case. Eckersley stated, ďPatients rely on the NHS to keep their details safe. In this case Central London Community Healthcare NHS Trust failed to keep their patients sensitive information secure. The fact that this information was sent to the wrong recipient for three months without anyone noticing makes this case all the more worrying.Ē
This is the latest case where the ICO have had to conduct an investigation because of a number of errors. Firstly, The Central London Community Healthcare NHS Trust didnít have stringent enough measures in place to stop such an error occurring. Secondly, the staff hadnít been adequately trained on data protection. These two factors combined are the main reason for the ICO imposing the hefty fine.
The trend of confidential data being compromised by people working in the public sector is set to continue as it is very evident that there are still members of staff who havenít been appropriately trained on data protection. Yet again, this case suggests that we are still acting reactively and not proactively. The need for more stringent measures to be implemented and all members of staff to be adequately trained in data protection is increasing day by day as the implications become more severe if appropriate measures are not in place.