NHS Camden rapped by ICO

News

  • 25 March 2009
Lyn Whitfield
December 1, 2016

The Information Commissioner’s Office has taken enforcement action against NHS Camden for breaching the Data Protection Act.

The ICO has served the primary care trust with an enforcement notice for failing to dispose of a number of computers properly.

Redundant, unencrypted computers holding the names, addresses and medical diagnoses of 2,500 individuals were left beside a skip in the grounds of St Pancras Hospital in August 2008. They were there for at least 13 days, but subsequently disappeared and were never recovered.

The PCT launched a serious untoward incident investigation, which recommended that it should take a number of steps, including the encryption of computers and mobile devices and the establishment of robust asset and decommissioning registers.

However, assistant information commissioner Mick Gorrill expressed frustration about the number of enforcement notices that his office is having to issue against health bodies.

Camden is the ninth NHS organisation since November to be issued with an enforcement notice. Two PCTs were issued with notices last month, following the thefts of laptops holding personal details.

“Individuals must feel confident that their personal records will be handled properly by NHS bodies,” said Gorrill. “Over 2,500 individuals have suffered anxiety as the result of [the Camden] breach, with the worry that their medical records could fall into the wrong hands.

“I am increasingly concerned about the way that some NHS organisations dispose of sensitive patient information. Organisations need to ensure they implement appropriate safeguards to ensure personal details are disposed of in accordance with the Data Protection Act.”

NHS Camden has signed an undertaking that it will ensure all personal information is removed from computers as soon as they are decommissioned, and that it will give effect to the recommendations of its own SUI panel.

It must update the ICO on its progress by the end of March. Failure to comply with the notice would be a criminal offence.

Link:The Information Commissioner’s Office

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Rotherham picks Meditech for EPR

Next News

Asklepios signs RIS deal with medavis

Related News

Advanced fined £6m over stolen patient data in 2022 cyber attack
Cyber Security August 7, 2024

Advanced fined £6m over stolen patient data in 2022 cyber attack

The Information Commissioner’s Office has imposed a £6.09m fine on Advanced for failing to protect personal information during a cyber attack.
Health tech can help reframe ageing as an opportunity not a problem
Opinion July 24, 2024

Health tech can help reframe ageing as an opportunity not a problem

Edinburgh's new Global Research Institute in Health and Care Technologies is working on solutions that will enable more people to age well, writes Professor Alan…
WHO launches collaborative network for data and digital health
News July 15, 2024

WHO launches collaborative network for data and digital health

WHO is bringing together its European region member states with partners for a network focused on advancing data and digital solutions in health.