Related Links

Top 5 Stories


Welsh board first NHS organization to be fined for data breach

01 May 2012

The UK Information Commissioner’s Office (ICO) has fined the Aneurin Bevan Health Board in South Wales £70,000 for a “serious breach” of the Data Protection Act, the first National Health Service (NHS) organization to receive a data breach fine.

The breach occurred when a doctor emailed a letter with patient information to a secretary for formatting, but did not include enough information for the secretary to identify the correct patient, the ICO said in a statement. The doctor also misspelled the name of the patient, which led to the report being sent to a former patient with a similar name.

The ICO found that neither person had received data protection training and that the board did not have adequate checks in place to ensure that personal information was sent to the correct person. These poor practices were also used by other clinical and secretarial staff across the organization, the ICO noted.

“Aneurin Bevan Health Board failed to have suitable checks in place to keep the sensitive information they handled secure. This case could have been extremely distressing to the individual and their family and may have been prevented if the information had been checked prior to it being sent”, commented Stephen Eckersley, ICO’s head of enforcement.

The board also agreed to address the concerns expressed by the ICO during its investigation. This includes ensuring all staff are made aware of and trained on the organization’s policies on storage and use of personal data, that there is appropriate and regular monitoring of compliance with policies on data protection and IT security, and that new checking processes are introduced across all sites to confirm a patient’s identity before personal information is sent out. 

This article is featured in:
Compliance and Policy  •  Data Loss  •  Public Sector


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×