PERFORMANCE: NHS Eastern and Coastal Kent accidentally sent a CD containing the personal details of 1.6 million patients to a landfill site in March.
A report from the Information Commissioner’s Office said it had been informed that a filing cabinet containing the CD had been sent to landfill during a move of office premises.
“When planning the office move the security of the CD was considered [by primary care trust staff] and it was deemed appropriate to store it in the filing cabinet concerned,” the report said. However, the “existence of the CD was not communicated” to the project manager coordinating the move.
The PCT’s data controller “did take steps to attempt to retrieve the filing cabinet once discovered missing, however the cabinet had already gone to landfill and was unable to be recovered”, the report said.
Ann Sutton, chief Executive of the NHS Kent and Medway cluster, which includes Eastern and Coastal Kent, said: “While the breach was unfortunate, I would like to reassure patients that the data stored in the filing cabinet was not current – the most recent information was from 2002. There was no clinical data involved and the data is beyond retrieval.”
She added: “We no longer store information on floppy disks or CDs and use sophisticated systems of encryption. We have carried out our own thorough investigation into the incident and produced a comprehensive set of recommendations and learning points which are already being implemented.”
PCT and ICO documents (see attached, right, and link)
16 September 2011