Abandoned Records Result in Â£100,000 FinePatient Documents Left in Closed Facility
The UK's Information Commissioner's Office has fined the Stockport Primary Care Trust Â£100,000 after it left boxes of patient records at a shuttered location.
The new owner of the location previously operated by the trust reported to the ICO that boxes of documents containing personal information had been left behind, according to an ICO statement.
The boxes contained 1,000 documents, including work diaries, letters, referral forms and patient records containing personal information, the ICO said. Some documents contained particularly sensitive data on 200 patients, including details of miscarriages, child protection issues and a police report relating to the death of a child.
The ICO said its investigation revealed two earlier security incidents where sensitive data had been left behind in secure buildings owned by the trust.
"It's crucial that organizations don't take their eye off the ball when moving premises," said David Smith, deputy commissioner and director of data protection at the ICO. "The highly sensitive nature of the documents left behind makes this mistake inexcusable, and there can be no doubt that the penalty we've served is both necessary and appropriate."
Stockport Primary Care Trust was dissolved on March 31, 2013, and its legal responsibilities were passed to the NHS Commissioning Board, which is now required to pay the penalty by July 3, or serve a notice of appeal by July 2.
5 Tips When Moving
The ICO offers five tips for healthcare organizations that are moving locations:
- Personal information is at particular risk when moving; make security a priority.
- Don't assume anything; make sure it's clear who's responsible for what during the move.
- Ensure records and equipment containing personal information are moved securely.
- Dispose of files or computer hardware with care.
- Put a policy in place to make sure that security incidents are reported and acted upon in order to learn from mistakes.