London NHS trust fined £90,000 for data breach
- 21 May 2012
- From the section London
An NHS trust has been fined £90,000 after 59 patients' details were sent to the wrong person.
Personal data, including diagnoses, was faxed to a member of the public 45 times for three months from last March.
The Central London Community Healthcare NHS Trust did not have sufficient checks in place, the Information Commissioner's Office (ICO) said.
The trust said the breach was regrettable, but it intended to appeal against the the fine.
Stephen Eckersley, the ICO's head of enforcement, said: "Patients rely on the NHS to keep their details safe.
"In this case Central London Community Healthcare NHS Trust failed to keep their patients' sensitive information secure.
"The fact that this information was sent to the wrong recipient for three months without anyone noticing makes this case all the more worrying."
A spokesman for the trust said: "We deeply regret that the Information Commissioner has decided to impose a fine and so we have instructed our lawyers to commence an appeal against this.
"We consider that the commissioner has acted incorrectly as a matter of law and so we have no alternative but to bring an appeal."
But she added that protecting patient confidentiality was a top priority and the incident, which was a result of human error, was "hugely regrettable".
The trust had apologised to those affected and changes have been made to procedures following an internal investigation.