Regulator says stranger entered hospital, treated a patient, took a document … then vanished

December 1, 2023 at 05:19AM

The UK data watchdog reprimanded NHS Fife for a security lapse that led to an unauthorized person obtaining patient data and providing care. A document with personal data of 14 patients was taken after CCTV was disconnected. NHS Fife has since improved document security and access protocols.

Takeaways:

1. NHS Fife received a reprimand from Britain’s data regulator, the Information Commissioner’s Office (ICO), for a serious privacy breach involving 14 patients’ data.

2. An unauthorized individual gained access to a hospital ward, obtained a document with personal data of 14 patients, assisted in care for one patient, and left with the document. This person remains unidentified.

3. The breach occurred due to insufficient security measures, including a lack of checks and formal processes at NHS Fife, allowing the document to be handed to the non-staff member.

4. The CCTV system did not capture the incident because a staff member had turned off the wall socket powering the system.

5. NHS Fife violated Article 5 of the UK GDPR by not ensuring the security of patient data.

6. Following the breach, NHS Fife has implemented a new system for handling documents and updated identification processes to prevent future incidents.

7. ICO’s head of investigations, Natasha Longson, emphasized the importance of secure handling of patient data and advised healthcare organizations to take this incident as a lesson in strengthening their security and access policies.

8. The ICO prefers to offer advisory services to public sector bodies following such incidents, rather than imposing fines, aiming to prevent recurrence through guidance and support.

9. The ICO has previously reprimanded other public sector entities for privacy and data handling breaches, underlining the ongoing need for enhanced data security measures across the sector.
