Huge Fine for NHS Trust Over Data Protection Act

25 Jun 2013

The Information Commissioner’s Office (ICO) has fined North Staffordshire Combined Healthcare NHS Trust £55,000 for breaching the Data Protection Act, as reported by Workplace Law.

The breach dates back to 2011, when the confidential medical details of three separate patients were faxed to a member of the public by mistake. The three faxes were meant for the trust's own Wellbeing Centre, but a wrong number was dialled and they went to a private individual instead. The recipient alerted the trust to the problem, and the penalty has now been imposed following an investigation by the ICO.

The confidential details included the patients' names, medical histories, addresses and more, all of it highly sensitive information. The ICO found that the trust had guidance in place requiring staff to phone ahead before sending a fax, precisely to avoid this kind of incident. However, the staff involved had not been given that guidance and had not been trained in how to use fax machines securely.

Sally Anne Poole from the ICO said that it was an avoidable breach that could have been prevented with a simple phone call, adding that it should serve as a warning to other organisations to make sure they have the right controls in place.

Serious breaches of the Data Protection Act can attract penalties of this size, which would be devastating to a smaller business, and the case shows once again how important it is to protect personal data.

Another area to consider is the secure destruction of personal data. If you hold data on your staff, and it does not have to be sensitive medical data, you need to make sure it is destroyed properly, or you risk a large fine should it end up in the wrong hands.
