PERFORMANCE: Northamptonshire Healthcare Foundation Trust has agreed to improve its data security measures after the Information Commissioner’s Office found it had lost sensitive patient records.
The mental health and community services provider realised that personal data had gone missing after a request for access to the records by the patient concerned.
The trust found that records provided to them by their predecessor were not indexed. An ICO report said the trust was unable to find the individual’s records, but did locate a “partial set” made up of letters held in complaints files.
Some of the data lost consisted of “sensitive personal data” regarding the patient’s physical or mental health.
Since the discovery that the records were not indexed, the organisation has begun to transfer paper records into a digital format.
The ICO has agreed not to serve an enforcement notice as long as the trust puts in place sufficient measures for storing paper records, that staff are made aware of the trust’s policies on data storage, and that compliance with those standards is regularly monitored and enforced.
ICO undertaking (attached)