The Hillingdon Hospitals NHS Foundation Trust in Middlesex has signed an undertaking with the Information Commissioner’s Office following a data protection breach.

According to the documentation, the ICO was provided with a report on July 5, 2012 which stated that the trust had been informed that a local newspaper was in possession of 4 two week wait cancer referral forms containing sensitive clinical data relating to four data subjects.

Following investigation, it was established that the documents had been prepared for transfer between The Hillingdon Hospital and Mount Vernon Hospital via the internal mail system but failed to arrive at their intended destination. The documents were subsequently found to be in the possession of the local newspaper. It is unclear at which point the documents were lost or taken off-site and how they came in to the newspaper’s possession. And although staff were aware that the documents had not arrived, the incident was not escalated. The investigation revealed that there was a gap in the trust’s reporting mechanism for data protection incidents and near misses.

You can read the undertaking here.