ICO granted new powers to audit NHS organisations for data protection
NHS 'one of the worst performers' when it comes to data protection, claims information commissioner Christopher Graham
The Information Commissioner's Office (ICO) has welcomed a change in legislation enabling it to force National Health Service bodies to be audited for compliance with the Data Protection Act.
Previously, only central government departments were subject to compulsory audits by the ICO, but now the data protection watchdog will be able to subject any body within the National Health Service to auditing.
The ICO will be able to assess data protection by a number of bodies within the NHS. This will include NHS foundation trusts, GP surgeries, NHS Trusts and Community Healthcare Councils. However, the legislation doesn't apply to any private organisations providing services to the NHS.
Audits undertaken by the ICO will review how the NHS handles patients' personal information, and can review areas including security of data, records management, staff training and data sharing.
"The Health Service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern," said Information Commissioner Christopher Graham.
"Time and time again we see data breaches caused by poor procedures and insufficient training. It simply isn't good enough," he continued.
"We fine these organisations when they get it wrong, but this new power to force our way into the worst performing parts of the health sector will give us a chance to act before a breach happens. It's a reassuring step for patients," Graham added.
The Information Commissioner first issued a financial penalty to the NHS when, in 2012, the Aneurin Bevan Local Health Board in Pontypool, South Wales was fined £70,000 after personal information was sent to the wrong patient.
Since then, the ICO has issued fines totalling £1.3m to organisations within the National Health Service.