UK: North West London Hospitals NHS Trust violated Data Protection Act – ICO
The Information Commissioner’s Office (ICO) has found that a doctor at North West London Hospitals NHS Trust breached the Data Protection Act by leaving medical information about 56 patients on the tube.
The incident, which was reported to the ICO by the Trust in May 2010, occurred when a doctor printed out personal and diagnostic information about patients to use in audit work, undertaken at home outside normal working hours.
On 27 May, shortly after leaving the tube station, the doctor realised the information had been left on the train and returned to inform the station supervisor. The documents were subsequently found by London Transport at the train’s termination point and retrieved by the doctor.
Sally-Anne Poole, Enforcement Group Manager at the ICO, said:
“Most of us can think of time when we’ve found someone else’s personal belonging, like an umbrella, left behind on a train. But the last thing we should ever expect to find are highly confidential and sensitive papers detailing people’s medical history.
“We understand that many health professionals have busy lives and often take work home but simple steps like removing patient’s names from print outs can help minimise the potential for personal data to be lost or otherwise compromised. I welcome North West London Hospitals NHS Trust’s decision to report this breach to us and for the remedial action it has taken to put more effective data protection measures in place.”
Fiona Wise, Chief Executive of The North West London Hospitals NHS Trust, has signal a formal undertaking outlining that the organisation will ensure that personal data is processed in accordance with the Data Protection Act. In particular the Trust has agreed to adopt pseudonymisation techniques, meaning that personal details like patient’s names, will not be contained in print outs.
A full copy of the Undertaking can be found here:
Source: Information Commissioner’s Office