PERFORMANCE: Dartford and Gravesham NHS Trust breached the Data Protection Act by accidentally destroying 10,000 archived records, the Information Commissioner’s Office has said.
The records – which should have been kept in a dedicated storage area – were put in a disposal room due to lack of space, according to the ICO.
The records were then mistakenly removed from the room and destroyed between the 28 and 31 December 2010. The hospital failed to realise that the information was missing for three months.
The ICO said some records included the names and addresses of former patients and some staff, and a limited amount of medical information relating to previous treatment.
The trust has confirmed that the loss of these records does not pose a clinical risk to data subjects affected by this incident, it said.
As a result of the breach, the ICO has ordered the trust to ensure its staff are made aware of data protection policies and procedures, and that they receive suitable training on how to follow them.
ICO acting head of enforcement Sally Anne Poole said: “Although the majority of information lost was several years old and only being kept for archiving purposes, there is no excuse for failing to keep it secure.
“The hospital should have ensured that the records were kept in a safe area – and, had they had adequate audit trails in place, they would have been able to keep track of where this information was at all times.”
Source
Source date
4 October 2011
No comments yet