ICO hits NHS board with £70,000 fine

Doctor using a computer

The Information Commissioner's Office (ICO) has issued its first monetary penalty against an NHS organisation, which sent sensitive patient details to the wrong person.

The Aneurin Bevan Health Board (ABHB) in Wales has been ordered to cough up 70,000 for the mistake, which is understood to have taken place in March 2011.

The NHS holds extremely sensitive information. The damage and distress caused by the loss of a patient's medical record is obvious.

In a statement, the ICO said the data breach had been blamed on a consultant who had provided insufficient details about a patient, which resulted in them being incorrectly identified.

As a result, a report into the patient's health was sent out to a patient with a similar name.

Following an investigation by the ICO, it was concluded the consultant had received insufficient training about data protection and that inadequate checks were in place to safeguard patients' personal information.

Stephen Eckersley, head of enforcement at the ICO, said, as well as a financial penalty, ABHB had also signed an undertaking to address the data protection watchdog's concerns.

"Aneurin Bevan Health Board failed to have suitable checks in place to keep the sensitive information they handled secure," he said.

"This case could have been extremely distressing to the individual and their family and may have been prevented if the information had been checked prior to it being sent."

As part of ABHB's undertaking, all staff will be trained in and made aware of its policies on data protection.

New checks will also be introduced to tighten up patient identification procedures and regular monitoring of its data protection polices will take place.

News of the fine comes less than a year after the ICO rapped the NHS for not making enough of an effort to safeguard patients' data.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.