A health trust is facing action under the Data Protection Act following the theft of a computer containing patient information. The Hastings and Rother Primary Care Trust will be the eighth NHS body to face action by the Information Commissioner’s Office.
The announcement that enforcement action was being taken came only a few days after the ICO announced a significant rise in the number of breaches of the Data Protection Act reported to it. It said that almost 100 incidents had occurred in the last three months and that the private sector, central and local government as well as the NHS had all reported breaches.
The Hastings and Rother case follows the theft of a computer which held sensitive personal information. The ICO said the building where the machine was housed did not have adequate security in place, although the data controller had expressed concern over the lack of physical security measures. The PCT will now be required to sign a formal undertaking that it will in future process information in accordance with the Act. This will also involve staff being given training and the encryption of all office equipment and mobile devices that are used to store and transmit personal information.
Mick Gorrill, an assistant Information Commissioner, said, “I am increasingly concerned about the way some NHS organisations are failing to securely hold people’s health and personal information. Organisations must implement appropriate safeguards to ensure personal details about patients are processed securely.”