Data watchdog says NHS is making too many mistakes

Information Commissioner's Office ratchets up rhetoric after two NHS Trusts are caught breaching Data Protection Act

Both trusts have pledged to make improvements to their data protection practices in future

The Information Commissioner’s Office (ICO) has slammed two NHS Foundation Trusts for being found in breach of the Data Protection Act (DPA).

Basingstoke and North Hampshire NHS Foundation Trust found itself in hot water after an unencrypted Excel spreadsheet containing the pathology results of over 900 patients was sent via an unsecured email address between departments.

Meanwhile, at Stoke-on-Trent NHS Foundation Trust, 2,000 physiotherapy records were not filed correctly, putting them at risk of being accidentally lost or destroyed.

Chief executives at both trusts have signed formal undertakings, confirmed the ICO, promising that they will process personal information in line with the DPA in future.

Mick Gorrill, head of enforcement at the ICO, said, with a quarter of all data breaches reported to the ICO involving the NHS, the health service must do more to protect patients' data.

“Everyone makes mistakes, but there are far too many within the NHS,” said Gorrill. “Health bodies must implement the appropriate procedures when storing and transferring patients’ sensitive personal information.”