Tag Archives: Fax

Central London Community Healthcare NHS Trust

Posted on by

Breach details

What Inappropriate disclosure of sensitive personal data.
How much 59 records.
When 28 March 2011
Why On 45 occasions over a number of weeks inpatient lists were accidentally faxed to a member of the public, when it was believed they were bring faxed to the appropriate number. Procedures were in place to confirm the arrival of faxed lists, however miscommunication meant that only one reception of the lists was being confirmed, while a second fax number actually belonged to a member of the public.

Regulatory action

Regulator ICO
Action Monetary penalty of £ 90,000
When 21 May 2012

Why the regulator acted

Breach of act Inpatient lists faxed to incorrect recipients. Lack of sufficient policies to prevent such an event. Inappropriate organisational and technical measures.
Known or should have known Staff were used to dealing with impatient data and were aware of its sensitivity, hence having fax protocols.
Likely to cause damage or distress Medical data of patients.

BW Observations

This was the first Monetary Penalty Notice to be appealed to the Information Tribunal. The appeal was heard in December 2012 and the decision released on 15 Jan 2013. The appeal was rejected.

Links

View PDF of the Central London Community Healthcare NHS Trust Monetary Penalty Notice (Breach Watch Archive)
View PDF of the Central London Community Healthcare NHS Trust Monetary Penalty Notice (Via ICO Website)
View PDF of the Information Tribunal Decision.
An analysis of the tribunal decision at the Panopticon blog. (Interestingly barristers from 11KBW acted for both the Commissioner and the Trust)

Lancashire Teaching Hospitals NHS Foundation Trust

Posted on by

What

Loss of sensitive personal data.

How much

Two records.

Why

Sensitive personal information was mistakenly faxed to a member of the public on several occasions.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff are made aware of the organisations policies regarding the use and storage of sensitive data and its security.

Reason for action

The wrong number was mistakenly inserted into the fax machine.

When

1 July 2011.

Links

View PDF of the Lancashire Teaching Hospitals NHS Foundation Trust Undertaking (Via ICO Website)

View PDF of the Lancashire Teaching Hospitals NHS Foundation Trust Undertaking (Via Breach Watch Archive)

Basildon and Thurrock University Hospitals NHS Foundation Trust

Posted on by

What

Loss of sensitive personal data.

How much

One record.

Why

Faxes were incorrectly sent to the wrong recipient over a period  of at least a year.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that records are transmitted to GPs in a more secure manner and a ring ahead procedure is implemented.

Reason for action

The Fax was intended for the patient’s GP, but the wrong Fax number was recorded.

When

01 July 2011.

Links

View PDF of the Basildon and Thurrock University Hospitals NHS Foundation Trust Undertaking (Via ICO Website)

View PDF of the Basildon and Thurrock University Hospitals NHS Foundation Trust Undertaking (Breach Watch Archive)

Dunelm Medical Practice

Posted on by

What

Loss of sensitive personal data.

How much

Two records.

Why

Two patient discharge letters were mistakenly sent to an unrelated third party organisation.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that Electronic Discharge letters are only sent by secure email, where possible and that staff are suitably trained.

Reason for action

Records were transmitted by fax and incorrect numbers were used.

When

01 July 2011.

Links

View PDF of the Dunelm Medical Practice Undertaking (Via ICO Website)

View PDF of the Dunelm Medical Practice Undertaking (Breach Watch Archive)

East Midlands Ambulance Service NHS Trust

Posted on by

What

Loss of sensitive personal data.

How much

One record.

Why

Information relating to a patient was mistakenly faxed to the wrong recipient.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff are sufficiently trained in the usage of and policies relating to the fax machine.

Reason for action

The wrong number was mistakenly inserted into the fax machine.

When

01 July 2011.

Links

View PDF of the East Midlands Ambulance Service NHS Trust Undertaking (Via ICO Website)

View PDF of the East Midlands Ambulance Service NHS Trust Undertaking (Breach Watch Archive)

Borough of Poole

Posted on by

What

Loss on sensitive personal information on three occasions.

How much

Three records

Why

Faxes containing  personal information were erroneously sent to the wrong number.

Regulator

ICO

Regulatory action

Undertaking issued to ensure that staff are sufficiently training in both the usage of and policies relating to the transmission of data via, fax machines.

Reason for action

Insufficiently clear instructions and training was provided to staff.

When

19 April 2011.

Links

View PDF of the Borough of Poole Undertaking (Via ICO Website)

View PDF of the Borough of Poole Undertaking (Breach Watch Archive)