A health trust plans to appeal after being fined £90,000 because details of almost 60 patients were sent to the wrong person, the information watchdog said.
Patient lists containing sensitive personal data on 59 people, including medical diagnoses and resuscitation instructions, were faxed to the wrong number 45 times over three months from last March, the Information Commissioner’s Office (ICO) said.
Central London Community Healthcare Trust did not have sufficient checks in place to ensure that the lists were being delivered to the correct recipient, an ICO investigation found.
Stephen Eckersley, the ICO’s head of enforcement, said: “Patients rely on the NHS to keep their details safe.
“In this case Central London Community Healthcare Trust failed to keep their patients’ sensitive information secure.
“The fact that this information was sent to the wrong recipient for three months without anyone noticing makes this case all the more worrying.”
“We deeply regret that the information commissioner has decided to impose a fine and so we have instructed our lawyers to commence an appeal against this,” a spokeswoman for the trust said.
“We consider that the commissioner has acted incorrectly as a matter of law and so we have no alternative but to bring an appeal.”
But she added that protecting patient confidentiality was a top priority and the incident, which was a result of human error, was “hugely regrettable”.
She went on: “We have apologised to all the individuals and families who were affected by this mistake.
“We have conducted our own internal investigation and taken a number of actions to reduce the risk of such an incident happening again including the phasing out of the use of faxes in favour of more secure email and phone systems.”
Nick Pickles, director of the civil liberties campaign group Big Brother Watch, said: “While fining the organisation does send a message to senior management, it is clear that some frontline staff are not taking these issues seriously and far more needs to be done to hold to account those responsible for errors and improve standards to stop small errors having a significant impact on patient privacy.”