PERFORMANCE: University Hospitals Coventry & Warwickshire NHS Trust has breached the Data Protection Act by losing patients’ medical information twice in two months this year.
The Information Commissioner’s Office said that in February, records relating to the treatment of 18 patients were found in a communal waste bin at a residential apartment block. The information had been taken home by a member of staff and accidentally disposed of in a public bin along with other rubbish.
In a second incident, in May, a member of the public discovered details relating to a patient’s sensitive medical procedures and test results which were allegedly found in a bin outside Coventry University Hospital.
The ICO’s investigation found that the trust’s policies and procedures on the use of personal information were not sufficient.
During the commissioner’s investigation, concerns were also raised about the delivery and collection point for patient notes at one of the trust’s hospitals.
Sally Anne Poole, acting head of enforcement, said: “The fact that the trust lost sensitive personal information on two separate occasions within the space of two months is clearly not acceptable.
“Organisations across the health service must recognise that they hold some of the most sensitive personal data available and that it must never be disposed of in the same way as routine household waste.”
The ICO has now ordered the trust to review its policies to make sure that personal information is adequately protected and disposed of. Staff will be trained to follow the trust’s updated guidelines and new procedures governing the handling of clinical data. The hospital will also carry out routine monitoring to ensure that procedures are being followed.
ICO press release (attached, right)