BreachExchange mailing list archives
Staffordshire NHS trust fined thousands over patient data breach
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Thu, 13 Jun 2013 10:14:40 -0500
http://www.publicservice.co.uk/news_story.asp?id=23190

An NHS trust in Staffordshire has been hit with a £55,000 fine after a serious data breach in which it mistakenly sent sensitive medical details to a member of the public, the Information Commissioner's Office has confirmed.

North Staffordshire Combined Healthcare NHS Trust faces the penalty after records on three patients were faxed to the wrong number.

The records, showing patients' names, addresses, medical histories, and details of their physical and mental health, should have been faxed to the trust's Wellbeing Centre, which provides psychological therapies. But on three occasions the fax number was incorrectly dialled, leading to a member of the public receiving the material.

Guidance on phoning ahead of faxes had not been communicated to the staff involved and they had received no specific training on the secure use of fax machines, the ICO added.

"Let's make no mistake, this breach was entirely avoidable," said enforcement group manager, Sally Anne Poole.

"One phone call ahead to the trust's Wellbeing Centre would have alerted its staff to the fact that the number they were entering was incorrect. This would have stopped highly sensitive information about the care of vulnerable people being sent to a member of the public on three separate occasions.

"This case should act as a warning to all organisations that routinely send out sensitive personal information by fax. Make sure you have appropriate procedures and controls in place, so that errors can be spotted before it is too late."

This is the latest in a growing list of fines to be imposed on NHS bodies for breaching the Data Protection Act, some of which have been much larger. The ICO does have the power to fine up to £500,000 for the most serious breaches.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/