NHS Camden rapped by ICO

News

  • 25 March 2009
Lyn Whitfield
December 1, 2016

The Information Commissioner’s Office has taken enforcement action against NHS Camden for breaching the Data Protection Act.

The ICO has served the primary care trust with an enforcement notice for failing to dispose of a number of computers properly.

Redundant, unencrypted computers holding the names, addresses and medical diagnoses of 2,500 individuals were left beside a skip in the grounds of St Pancras Hospital in August 2008. They were there for at least 13 days, but subsequently disappeared and were never recovered.

The PCT launched a serious untoward incident investigation, which recommended that it should take a number of steps, including the encryption of computers and mobile devices and the establishment of robust asset and decommissioning registers.

However, assistant information commissioner Mick Gorrill expressed frustration about the number of enforcement notices that his office is having to issue against health bodies.

Camden is the ninth NHS organisation since November to be issued with an enforcement notice. Two PCTs were issued with notices last month, following the thefts of laptops holding personal details.

“Individuals must feel confident that their personal records will be handled properly by NHS bodies,” said Gorrill. “Over 2,500 individuals have suffered anxiety as the result of [the Camden] breach, with the worry that their medical records could fall into the wrong hands.

“I am increasingly concerned about the way that some NHS organisations dispose of sensitive patient information. Organisations need to ensure they implement appropriate safeguards to ensure personal details are disposed of in accordance with the Data Protection Act.”

NHS Camden has signed an undertaking that it will ensure all personal information is removed from computers as soon as they are decommissioned, and that it will give effect to the recommendations of its own SUI panel.

It must update the ICO on its progress by the end of March. Failure to comply with the notice would be a criminal offence.

Link:The Information Commissioner’s Office

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Rotherham picks Meditech for EPR

Next News

Asklepios signs RIS deal with medavis

Related News

WHO launches collaborative network for data and digital health
News July 15, 2024

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.
Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities
News June 14, 2024

Calderdale and Huddersfield awarded HIMSS stage 6 for analytics capabilities

Calderdale and Huddersfield NHS Foundation Trust has achieved a stage 6 validation from HIMSS for its use of data and approach to data science.
ICO guidance on transparency published for health and care sector
Start-ups April 22, 2024

ICO guidance on transparency published for health and care sector

New guidance has been issued by ICO over how health and care organisations should be transparent over the use of personal information.