London Hospital fined £200,000 over fertility data breach

  • 28 February 2017

A London private hospital that made patients’ confidential fertility data freely searchable online has been fined £200,000.

The Information Commissioner’s Office (ICO) has fined private health company HCA International after finding that one of its private hospitals, Lister Hospital, had not kept patients’ fertility data secure.

An investigation found that the hospital was sending unencrypted audio recordings of information discussed during private IVF consultations to an Indian transcribing company, which then sent the transcript back to the hospital.

However, the Indian company stored both the recordings and the transcripts on an unsecured server, allowing the confidential files to be searched by anyone on the internet.

A Lister Hospital patient uncovered the breach in April 2015 when they found a confidential IVF recording online. HCA had been using the transcribing companies since 2009.

ICO head of enforcement, Steve Eckersley, said HCA had broken the law and betrayed its patients’ trust.

“These people were discussing intimate details about fertility and treatment options and certainly didn’t expect this information to be placed online.”

“The hospital had a duty to keep the information secure. Once information is online it can be accessed by anyone and could have caused even more distress to people who were already going through a difficult time.”

Eckersley said the company had appropriate protections in other parts of its business and the breach could have been avoided if it had simply checked its contractor’s storage methods.

HCA International has 27 hospitals and medical centres in the United Kingdom, most of them based in London, and has been involved in several joint ventures with the NHS.
