This site requires Javascript to function correctly
UKAuthority.com requires the use of cookies. Continued use of this site indicates that you accept this policy. More information.

Cookies and your privacy

In accordance with the ICO's EU e-Privacy Directive and to help protect your privacy we are making you aware of the use of cookies on this site.

We use these to aid in improving and maintaining our website. Cookies are used for functionality and to track visitor behaviour on this site, primarily for Google Analytics.

Google Inc are members of the US Safe Harbor Scheme. This scheme allows the transfer of data from within the EEA to countries that are outside of the EEA without having to enter into a specific data transfer agreement. Companies that sign up to the scheme are deemed to provide adequate protection for personal data transmitted from Europe. Google Inc's registration is at http://safeharbor.export.gov/companyinfo.aspx?id=10543.

For more information on the cookies set by Google Analytics please go to: http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html.

This site also makes use of other essential Anonymous cookies, and the site won't work as expected without them. If you don't accept these anonymous cookies some features of the site may be unavailable.

UKAuthority.com's full privacy statement.

UKAuthority.com

Digital public sector news, research & engagement

Thursday 21 June 2012Author: Tim Hampson

Online photos of health records cost trust dear

Belfast Health and Social Care (BHSC) Trust is the first public sector organisation in northern Ireland to be served with a civil monetary penalty (CMP) following a serious breach of the Data Protection Act (DPA). The trust has been fined of £225,000, the Information Commissioner's Office said.

The breach involved the sensitive personal data of thousands of patients and staff and included medical records, X-rays, scans and lab results, and staff records including unopened payslips. They were among paper documents left in a disused hospital which were later posted online.

In 2007 six local trusts merged into the BHSC trust. The merger resulted in the trust taking on the management of more than 50 largely disused sites, including Belvoir Park Hospital. In March 2010 the trust was told that trespassers had gained access to the Belvoir Park site and taken photos of a number of patient records before posting them online.

The trust then carried out inspections of seven buildings at the hospital and a large quantity of patient and staff records were discovered, some dating back to the 1950s. However, some parts of the site were not inspected because they were either locked or inaccessible, due to concerns about asbestos contamination

While the trust took action to improve the security of the site, including repairing damaged doors and windows, on 11 April 2011, the Irish News reported that it was still possible to access the site without authorisation. The Trust then increased the number of security guards on site and carried out a full inspection which revealed further records, many of which were being retained in breach of the trust's 'Records Retention and Disposal' policy.

The trust failed to report the situation to the ICO, which carried out an investigation finding that the trust failed to keep the information secure and also to securely destroy medical documents which it no longer required.

The ICO's assistant commissioner for Northern Ireland, Ken Macdonald, said: "The severity of this penalty reflects the fact that this case involved the confidential and sensitive personal data of thousands of patients and staff being compromised."

       
UKA Live Pre Registration
UKA Live: view recorded interviews