BreachExchange mailing list archives

Another NHS trust found to be in breach of the Data Protection Act following the loss of over 100 patient records

From: security curmudgeon <jericho () attrition org>
Date: Tue, 24 Aug 2010 16:12:53 -0500 (CDT)

http://www.scmagazineuk.com/another-nhs-trust-found-to-be-in-breach-of-the-data-protection-act-following-the-loss-of-over-100-patient-records/article/177390/

Dan Raywood
August 24, 2010

Royal Wolverhampton Hospitals NHS Trust has been found to be in breach of
the Data Protection Act by the Information Commissioner's Office (ICO)
after the loss of over 100 patient records.

A CD, which contained scans of 112 patient records from the Intensive Care
Unit of New Cross Hospital's Heart and Lung Unit, was discovered at a bus
stop near the hospital and was unencrypted with no password protection.

Investigations by the Trust and the ICO were unable to ascertain exactly
why or how the CD was ever made, although it was established that there
were areas of weakness in the Trust's data protection procedures. This
included a lack of timeliness in recalling patients' charts that had been
released to consultants.

Mick Gorrill, head of enforcement at the ICO, said: .The fact that this
information was several years old is of no consequence . patients'
personal data should always be handled in accordance with the Data
Protection Act. I am pleased that the Trust has agreed to take remedial
steps to ensure such an incident does not happen again..

The Trust has agreed to sign a formal undertaking outlining that it will
now process personal information in line with the act. The Trust will
implement a number of security measures to protect personal information
more effectively. These include ensuring that patient charts released to
consultants are signed for on receipt and chased for return after just one
week. Compliance with the Trust's policies on data protection and records
management will also be regularly monitored.

[..]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php

Current thread:

Another NHS trust found to be in breach of the Data Protection Act following the loss of over 100 patient records security curmudgeon (Aug 24)