Belfast Into the Social Care Rely on have already been fined £ 225, 500 by the Info Commissioner's Workplace (ICO).
A study found that following a merger of 6 community trusts to the Belfast Into the Social Care Rely upon 2007, 1 data controller took more than responsibility for over fifty disused websites.
Nevertheless confidential and sensitive private data, composed of patient and personnel records were stored with Belvoir Park Medical center, a disused website. The ICO discovered that the data control did not execute an inspection mainly because it took over obligation for the website, but did organize physical security measures for this.
The particular ICO found which trespassers gained entry to the site upon several occasions to photo the records, that have been then posted on the web. Although it was accepted which very few from the data subjects had been identifiable from the pictures, the data control was not aware which the security from the data on the website had been compromised until second March 2010 whenever they received a written report from a 3rd party that images from the records were available on the web.
After this, the information controller increased the amount of security protects and arranged to have an inspection from the site. This particular found that records on the website were kept either in containers, in cupboards, on shelves or even on the ground. The sufferer records integrated: approximately a hundred, 000 paper healthcare data; X-rays; microfilm records; hard duplicates of medical tests; hard copies associated with scan reports; laboratory results; paper keep records; and numerous words.
Nevertheless the trust did not report the problem in the Belvoir Park website to the ICO and also the ICO's investigation discovered that the trust did not keep the info secure or securely kill medical documents whenever they was no mo re needed.
Tobey maguire Macdonald, the particular ICO's assistant commissioner for the purpose of Northern Ireland, mentioned: “The severity of the penalty reflects the truth that this situation involved the confidential and also sensitive personal data associated with thousands of patients and also staff being affected.
“The believe in failed to take suitable action to keep the info secure, departing sensitive information in a hospital site which was clearly no more fit for objective. The people included would also have experienced additional distress due to the particular posting of this information on the web.
“The believe in has therefore failed considerably in its duty in order to its patients, and hope which the action we've used sets an example for many organisations they must keep private data secure, regardless of where they decide to store this. â€
The particular trust has now eliminated patien t records from your site and analyzed them and either maintained or securely discarded them as needed. A decommissioning plan has also been applied by the trust to make sure that personal data is securely damaged once it is no more required.
