'NHS hospitals that breach data protection should be fined up to £500,000'

12 April 2012

The Information Commissioner has called for tougher penalties on NHS trusts and hospitals that lose patients' personal medical records.

Christopher Graham said fines of up to £500,000 could be imposed to counter what he called a "disturbing" culture in the health service.

It is believed that millions of records have been lost by health organisations in data breaches which include staff losing laptops, memory sticks and documents.

In an interview with The Independent, Mr Graham said: "There's just too much of this stuff going on.

"The senior management is aware of the challenge but the breaches continue. Whether it's a systemic problem in the NHS or an epidemic we have got to do something about it.

"Health service workers look after their patients very carefully but don't always look after their data very carefully."

The commissioner has requested a meeting with the chief executive of the National Health Service, Sir David Nicholson, to discuss the problem.

"It's a much wider problem and we do need some tougher penalties because the courts don't seem to regard it as a terribly serious offence," he added.

He made the comments as he revealed that five more health organisations had agreed to improve security following major data breaches - which can be prosecuted under section 55 of the Data Protection Act.

They include Ipswich Hospital NHS Trust, which saw a staff member misplace 29 records, East Midlands Ambulance Service NHS Trust, Lancashire Teaching Hospitals NHS Foundation Trust and Basildon and Thurrock NHS Trust.

The commissioner is also investigating how the NHS North Central London Trust lost a laptop containing an estimated 8.3 million patient records.

Mr Graham added: "It could either be deeply embarrassing and upsetting to people who are not well.

"But also it's a source of personal information which can be abused for all sorts of purposes about identity theft, blackmail or whatever.

"There's a market in the unlawful disclosure of personal information that's supposed to be protected by the Data Protection Act."
