Preventable breach - vulnerable person’s medical records sent to the wrong address. St George’s Healthcare NHS Foundation Trust faces a significant penalty fine of £60,000 after sending a vulnerable individual’s medical results to the wrong address.
This is the fourth monetary penalty to be imposed on the NHS in the past two months. The mistake was made when two letters were sent to the recipient’s old address. The individual’s correct address had been provided to the trust and logged on the national care records service, NHS SPINE, before the medical examination took place. Trust staff failed to check the individual’s recorded address on their local patient data base matched the data on the SPINE. NHS trust challenges £375,000 fine over data protection breach.
Brighton and Sussex University Hospitals NHS Trust is contesting a £375,000 fine from the Information Commissioner's Office (ICO) over the theft of hard drives containing patient data.
Some 232 out of 1,000 hard drives belonging to the trust were stolen while they were under the responsibility of a contractor for decommissioning, and sold on. Details of thousands of patients and staff were believed to have been put at risk. The ICO has sent the trust a letter of intent to impose a £375,000 fine for the potential data breach. However, the trust said it will challenge the fine as it was a "victim of a crime".
"We subcontracted the destruction of these hard drives to a registered contractor, who subsequently sold them on eBay. NHS challenges £375,000 ICO fine after hard drive theft.