Information commissioner calls for greater powers to audit NHS

The Information Commissioner’s Office has issued a statement saying that data breaches in the NHS “continue to be a major problem” and claiming it is being “blocked” from auditing organisations.

Of the 47 undertakings the ICO has agreed with organisations that have breached the Data Protection Act since April, 19 were in the healthcare sector.

Currently the ICO has compulsory audit powers for central government departments but must win consent before auditing commissioners or trusts.

Information commissioner Christopher Graham said his office should be able to conduct compulsory audits of NHS bodies, as well as local government and private bodies.

Mr Graham said: “Something is clearly wrong when the regulator has to ask permission from the organisations causing us concern before we can audit their data protection practices. We are powerless to get in there and find out what is really going on.

“With more data being collected about all of us than ever before, greater audit powers are urgently needed. I am preparing the business case for the extension of the ICO’s assessment notice powers under the Coroners and Justice Act 2009 to these problematic sectors.”   

Health minister Simon Burns said: “We fully support the call for the Information Commissioner’s Office to conduct compulsory data protection audits in the NHS. Having set clear standards for NHS organisations to adhere to on data handling, we urge them to ensure that staff understand and follow that guidance. “