The Information Commissioner has warned Great Ormond Street Hospital for Children Foundation Trust to assess the strength of its data policy after patients’ personal medical information was sent to the wrong addresses.

There have been four separate incidents over the last 18 months in which this happened, most of them involving temporary or bank staff members of staff who had no data protection training.

An investigation by the commissioner discovered the London-based trust had no policy in place for checking addresses were up-to-date.

Great Ormond Street has avoided an enforcement notice but the ICO told it all temporary staff should be trained in data protection. It was also told to introduce security measures “to ensure that personal data is protected against unauthorised and unlawful processing, accidental loss, destruction, and/or damage”.

A trust spokeswoman said: “We take the privacy of our patients extremely seriously and we deeply regret that these four incidents occurred. We have responded by rapidly putting into place an action plan to ensure we have the necessary training and systems to keep all our patient information safe and secure.”