NHS Trust Breaches Data Protection Act

The Information Commissioner’s Office (“ICO”) has recently found the East and North Hertfordshire NHS Trust (“Trust”) to be in breach of the Data Protection Act following a security breach in which an unencrypted USB stick containing patients’ medical data was lost on a train.

A junior doctor downloaded the information in preparation for a shift handover but inadvertently took the data stick home with him. The stick was unfortunately lost on a train and has not yet been recovered.

Investigations by the ICO found that the junior doctor was not able to access the Trust policies on data protection and that the Trust did not have clear policies on the use of mobile media devices. An undertaking has been entered into between the ICO and the Trust, in which the Trust agrees to implement clear policies on the use of mobile media devices, to train all staff who have access to personal data on such policies, and to monitor compliance with the security policies to prevent such an event occurring in future.
