01.05.12
NHS receives first ICO fine
The Information Commissioner’s Office (ICO) has dealt its first fine to an NHS organisation for sending a patient’s health report to the wrong person, with a similarly spelt name.
The sensitive information was breached by Aneurin Bevan Health Board, which was fined £70,000. The Board has signed an undertaking to improve its data protection practices, including staff training on storing and using personal data and compliance monitoring on its data protection and IT security policies.
Additionally, the Board will ensure new processes are in place to confirm a patient’s identity before information is sent out.
Stephen Eckersley, the ICO’s head of enforcement, said: “We are pleased that the health board has now committed to taking action to address the problems highlighted by our investigation; however organisations across the health service must stand up and take notice of this decision if they want to avoid future enforcement action from the ICO.”
Tell us what you think – have your say below, or email us directly at [email protected]