NHS fined £70,000 for email address snafu
By Nicole Kobie
Posted on 30 Apr 2012 at 10:41
The Information Commissioner has fined a health board £70,000 for emailing a patient's medical records to the wrong person.
After years of being lambasted for slipshod data protection procedures, the ICO has finally lost patience with the NHS, handing out its first ever fine to the health service.
The Information Commissioner's Office was given the power to fine organisations in 2010, but has been criticised for its tendency to punish public sector rather than private firms.
Despite the public sector focus, the NHS has until now avoided a fine, even though it was responsible for almost a quarter of total self-reported breaches over the past year.
Recent health-related cases that didn't lead to a fine include misdirected faxes, a lost memory stick with 87 patients' records, and 18 sets of test results dumped in a bin - as well as the usual lost laptops.
Such a string of failures has led the ICO to call out the NHS as one of the worst data protection offenders, but until now hasn't resulted in a fine.
The first fine handed out by the data watchdog to a public health body is to the Aneurin Bevan Health Board, which was fined £70,000 after a single patient report was emailed to the wrong person.
"The error occurred when a consultant emailed a letter to a secretary for formatting, but did not include enough information for the secretary to identify the correct patient," the ICO said. "The doctor also misspelt the name of the patient at one point, which led to the report being sent to a former patient with a very similar name in March last year."
Stephen Eckersley, the ICO’s Head of Enforcement, noted that health data is "some of the most sensitive information available".
"The damage and distress caused by the loss of a patient’s medical record is obvious, therefore it is vital that organisations across this sector make sure their data protection practices are adequate," he added.
As part of the ICO's action, the Aneurin Bevan Health Board has agreed to improve its procedures, and has already taken steps to do so. The board will receive a 20% discount if it pays the fine early.
And what happens if they refuse to pay?
By curiousclive on 30 Apr 2012
Who gets the money?
While it needs to be punished for lackadaisical security, it's not helping anyone taking £70K out of the NHS. Who gets this money?
By AndrewD on 30 Apr 2012
Don't dare ever make a mistake
The outcome of this will be that patients will not be able to get their info by email any more in case someone's ever gets sent to the wrong person.
Couple that with our compensation culture which ensures that everyone's distress has to be compensated (with money obviously), after all it's not about the money, they always just wanted an apology etc etc etc....
It's a shame that no-one can ever make a mistake anymore.
By andyw35 on 1 May 2012