To fine or not to fine: The ICO and the NHS

By Graeme Burton
27 Apr 2012

When South London Healthcare NHS Trust admitted to losing two memory sticks containing sensitive patient data, it highlighted once again the trouble the health service, in particular, seems to have in securely managing the data it is supposed to look after. Furthermore, despite the seriousness of the incident, no fine was levied by the Information Commissioner's Office (ICO).

The data was lost in two incidents. The first occurred when a "data controller employee" downloaded information relating to about 600 maternity patients and saved it to a memory stick. The second occurred when a device containing the names and dates of birth of 30 children, including full audiology reports on a further three, was also lost. In neither case was the data encrypted.

Both devices were later found, but the cases came amid a string of similar incidents at the Trust, involving not just computerised data, but also sensitive paper-based records. The Trust declined to comment on any of the cases.

Given the seriousness of the losses, why wasn't the Trust heavily punished and why are there so many cases involving lackadaisical data management and data losses in the NHS?

According to deputy Information Commissioner David Smith, NHS organisations are often hit with big fines. The ICO levied a hefty £375,000 fine against Brighton and Sussex University Hospitals NHS Trust when hard disk drives containing data on tens of thousands of patients were stolen in September 2010.

"We are taking action against NHS organisations when cases come to our attention that meet the criteria for a monetary penalty, which are quite restrictive," said Smith. "It has to be a serious breach, and there has to be a risk of substantial damage or distress to individuals; the organisation either knew, or ought to have known, that there was a risk and failed to take reasonable steps to prevent it happening."
