ICO Fines London NHS Trust £60,000
Fourth Breach Penalty ICO Has Issued in 2 Months
St. George's Healthcare NHS Trust in London has been fined £60,000 by the UK Information Commissioner's Office after an individual's medical information was sent to the wrong address.
See Also: The Alarming Data Security Vulnerabilities Within Many Enterprises
The compromised information in the breach included two letters that were sent by the trust in May 2011 to an old address that the recipient hasn't lived at for nearly five years, the ICO reports.
The correct address had been provided to the trust before the individual's medical examination, according to a release issued by the ICO. Also, the address was logged on the national care records service in June 2006.
Staff members neglected to use the address supplied before the examination or to review the recorded address against the national care records service entry, the ICO says.
Although the trust established a prompt to remind staff members to check and update patient information against the national care records service, "the trust knew the prompt could be bypassed and failed to take action to address the problem until it was too late," the ICO says.
"This is the fourth monetary penalty we have issued to the NHS in the past two months," says Stephen Eckersley, the ICO's head of enforcement. "It is vital that these organizations make sure they have the necessary measures in place to keep patients' details secure."
As a result of the breach, St. George's Trust is now taking steps to make sure checks are in place to ensure that information the trust has is correct, comparing it against the national care records service and other sources.
