Northern Health Trust told to improve data security
The Information Commissioner has told the Northern Health Trust it should do more to keep the data it holds secure.
It follows several incidents, including one in 2011 when a confidential referral form was faxed from a ward in Antrim Area Hospital to a local business by mistake.
The commissioner found the trust had mandatory information governance training in place for all staff.
However, those involved in the incidents had not received it.
Last August, as part of an undertaking with the Information Commissioner, the trust agreed to make sure staff attended mandatory training on handling sensitive information.
A follow-up in January this year found that while this was done, the trust needed to take more action.
It has introduced additional training sessions and now uses encrypted laptops.
However, the Information Commissioner's follow-up report said that to comply with its undertaking, the trust should, among other things, review its physical security measures where sensitive or personal information is stored and update its induction material on information governance.
In his report, the Information Commissioner said the business that received the sensitive data returned it promptly. The referral form had been intended for the trust's community rehabilitation team. A fax policy, which was in place, had not been followed properly.
Another incident involved the inappropriate disclosure to professionals working with the trust of minutes containing sensitive personal data.
The Information Commissioner has a variety of powers to compel public organisations and businesses to meet their data protection obligations, including a monetary penalty of up to £500,000 or criminal prosecutions for serious breaches.
A company or public body can also agree to undertake certain steps to improve its compliance with data protection.
The Northern Trust was not the only body that agreed to improve how it handled sensitive information last year.
Foyle Women's Aid agreed to improve after the temporary loss of a folder containing confidential client information. It was left in a café.
An apparent lack of effective controls and procedures for taking information out of the office contributed to the incident, the Information Commission report said.