London NHS Trust Fined Over Breach
Patient Information Repeatedly Faxed to Wrong Recipient
The UK Information Commissioner's Office has fined Central London Community Healthcare NHS Trust £90,000 for a breach involving patient lists repeatedly faxed to the wrong recipient.
The ICO said in a release that the breach, a violation of the Data Protection Act, occurred in March of last year. Pembridge Palliative Care Unit, part of the Central London Community Healthcare NHS Trust, faxed patient lists intended for St. John's Hospice to the wrong recipient over a three-month period.
In total, 45 faxes were sent to the wrong destination. The individual receiving the faxes notified the Central London NHS Trust and said the faxes had been shredded, according to the release.
The patient lists included personal information on 59 individuals, including medical diagnoses and information relating to their "domestic situations and resuscitation instructions," the release said.
"Central London Community Healthcare NHS Trust failed to keep their patients' sensitive information secure," says Stephen Eckersley, head of enforcement at the ICO. "The fact that this information was sent to the wrong recipient for three months without anyone noticing makes this case all the more worrying."
The ICO's investigation determined the trust did not have sufficient checks in place to ensure that sensitive information sent by fax was delivered to the correct recipient, the release states. The trust also failed to provide sufficient data protection guidance and training to the staff member who was involved.