View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 5, 2011

Dartford and Gravesham NHS Trust accidentally destroyed thousands of records: ICO

Records included personal information of former patients and some staff

By CBR Staff Writer

The Information Commissioner’s Office (ICO) has said the Dartford and Gravesham NHS Trust breached the Data Protection Act by "accidentally" destroying 10,000 archived records.

The ICO blamed the Trust for negligence. It said that the records — some of which included the names and addresses of former patients and some staff, and a limited amount of medical information relating to the patients’ previous treatment — should have been kept in a dedicated storage area. Instead, the records were put in a disposal room due to lack of space, said the ICO.

The records were then "mistakenly" removed from the room and destroyed between the 28 and 31 December 2010. Furthermore, the hospital failed to realise that the information was missing for three months, said the ICO.

The Trust has been unable to establish how many of the records would have contained personal information – the majority of which would have been several years old. But the Trust has confirmed that the loss of these records does not pose a clinical risk to data subjects affected by this incident.

The ICO has ordered the Trust to take action to ensure its staff are made aware of data protection polices and procedures and that they receive suitable training on how to follow them. The Trust will also regularly monitor their staff to make sure policies are being correctly followed, said the ICO.

Acting Head of Enforcement Sally Anne Poole said although the majority of information lost was several years old and only being kept for archiving purposes, there is no excuse for failing to keep it secure.
"The hospital should have ensured that the records were kept in a safe area – and, had they had adequate audit trails in place, they would have been able to keep track of where this information was at all times," said Poole.

A further undertaking has also been signed by Poole NHS Trust after two diaries – containing information relating to the care of 240 midwifery patients – were stolen from a nurse’s car. The diaries included patients’ names, addresses and details of previous visits and were used by the nurse during out of hours duty.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

The ICO said that the Trust has now taken action to keep the personal information it uses secure, includes making sure patient information is not left in unattended vehicles and that papers only contain the minimum amount of data necessary. The Trust will also anonymise information where possible.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.