Camden primary care trust has been given until the end of the month to improve the security of personal information it holds or risk being held in contempt of court.
The Information Commissioner’s Office has taken enforcement against the PCT after computers containing 2,500 people’s names, addresses and medical diagnoses were left behind a skip inside the grounds of St Pancras Hospital in August last year. The computers, which were not encrypted, were removed from the scene without authorisation and were never recovered.
Likelihood of distress
The Information Commissioner’s Office has served Camden PCT with an enforcement notice for failing to take appropriate measures to safeguard the security of people’s personal details. The notice said: “The commissioner took the view that the likelihood of distress is self-evident.”
Assistant information commissioner Mick Gorrill said: “Individuals must feel confident that their personal health records will be handled properly by NHS bodies. Over 2,500 individuals may have suffered anxiety as a result of this breach with the worry that their medical records could fall into the wrong hands. This incident highlights organisational error and will no doubt damage public trust in the NHS locally.”
He said he was increasingly concerned about the way some NHS organisations dispose of sensitive patient information.
Camden PCT chief executive Rob Larkman said it had fallen below its usual high standards on patient confidentiality and data protection and had reviewed its procedures and training as a result.
He said: “NHS Camden sets itself incredibly high standards when it comes to patient confidentiality and data protection. Unfortunately, on this occasion we fell below our high standards by inadequately disposing of a number of obsolete computers.
“As a result of the incident, we implemented a root and branch review of our procedures and training on data protection and computer disposal which are being introduced to every member of staff at the PCT.”