Yet another NHS Trust fined by ICO.
18 Jul 2012
Information Commissioner’s Office issues fourth financial penalty against an NHS organisation in just two months.
By issuing four financial penalties in just two months to NHS organisations, the Information Commissioner’s Office (ICO) has sent out a clear signal that it will not tolerate data protection breaches in the health service and is notching up an impressive hit rate as it cracks down on the problems. That’s not without good reason, because what could be more personal, after all, than a patient’s medical records?
The latest NHS trust to fall foul of the ICO is St George’s NHS Trust in south London. It twice sent medical records, by post, to an address that the patient in question hadn’t lived at for five years.
Its punishment for this offence was a £60,000 fine and a public dressing-down from the ICO’s head of enforcement, Stephen Eckersley.
“It’s hard to imagine a more distressing situation for a vulnerable person than the thought of their sensitive health information being sent to someone who had no reason to see it,” he said. “This breach was clearly preventable and is the result of the Trust’s failure to make sure the contact details they have for their patients are accurate and up to date.”
It’s just the latest in a series of NHS data protection errors that the ICO has uncovered. In June, it served a £225,000 monetary penalty notice on the Belfast Health and Social Care Trust, for leaving 100,000 patient records and 15,000 staff records in an abandoned hospital. Earlier that month, it fined the Brighton and Sussex University Hospitals NHS Trust £325,000, after patient data was found on hard drives sold on an online auction site, as reported at the time by IP EXPO Online.
And in May, a monetary penalty notice for £90,000 was served on Central London Community Healthcare NHS Trust, after it was discovered that patient data was faxed to an incorrect and unidentified number – not just once, but on 45 occasions over a number of weeks. The ICO reckons that 59 individuals’ personal data was compromised.
The ICO insists that the purpose of monetary penalties is not to “impose undue financial hardship” and that, when deciding the amount of a fine, it takes into account not just the seriousness of the breach, “but also other factors including the size, financial and other resources of a data controller.”
In a recent interview in Computing, deputy Information Commissioner David Smith suggested that the reason so many NHS cases come to light is that, for most organisations, reporting a breach of the Data Protection Act is not a legal requirement. However, in the NHS, it is a “management instruction” to report all data breaches – both of computerised data and paper records – to the ICO. Meanwhile, his boss, Christopher Graham, has previously warned of “systemic” problems in the health service.
Critics argue that these financial penalties are a kick in the teeth for the taxpayers who fund and use the NHS, further undermining quality of service and forcing them to cough up twice when the government effectively fines itself. Some believe that the Coalition’s proposed NHS reforms could exacerbate the problems with data protection.
Either way, it’s clear that data protection is an issue that the NHS needs to tackle urgently. It is also, arguably, further evidence of inherent flaws in NHS Spine, the national care records service, or at least in the way that staff are using the system: in the most recent St George’s NHS Trust case, the patient’s correct, current address had already been entered onto Spine, but the ICO found that staff within the Trust were regularly bypassing prompts on Spine to cross-check patient records against the computerised system.

