AN NHS trust in London has been fined £90,000 by the Information Commissioner's Office (ICO) following a serious breach of the Data Protection Act when 45 faxes containing sensitive patient details were sent to the wrong recipient.
Patient lists from the Pembridge Palliative Care Unit intended for St John’s Hospice were faxed to the wrong recipient. The individual informed the Trust that they had been receiving the patient lists – around 45 faxes over a three month period – but had shredded them.
The faxes included sensitive personal data relating to 59 individuals, including medical diagnoses and information concerning their domestic situations and resuscitation instructions.
The ICO investigation found that the Trust failed to have sufficient checks in place and also failed to provide sufficient data protection guidance and training to the member of staff concerned.
Stephen Eckersley, the ICO’s Head of Enforcement, said: "Patients rely on the NHS to keep their details safe. In this case Central London Community Healthcare NHS Trust failed to keep their patients' sensitive information secure. The fact that this information was sent to the wrong recipient for three months without anyone noticing, makes this case all the more worrying."