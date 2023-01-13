Manx Care given extra three months to deal with data breach issues
Published
Manx Care has been given an extra three months to put measures in place to prevent breaches of patient's private data or face paying a £170,000 fine.
It follows the sending of an insecure email attachment containing the patient's confidential health details, which was sent to 1,870 recipients.
The information commissioner had given the health care provider until 31 December to create secure systems.
That has now been extended until 31 March after some progress was made.
Iain McDonald said the extension had been put in place because work to ensure the security of patient data being distributed internally had commenced.
However, he said there was "still significant work to be completed".
'Comprehensive action plan'
At the time the email was sent in October 2021, Manx Care was already under an enforcement notice issued to the former health department over its handling of confidential data.
A second enforcement notice was issued in February 2022 before the stayed financial penalty was imposed in July.
Mr McDonald said, if Manx Care fails to comply with the notice by 31 March, the fine would become immediately payable and limitations would be put on the health care provider's use of internal emails to transmit personal data.
Speaking at Manx Care's latest public board meeting this week, chief executive Teresa Cope said a "comprehensive action plan" to address the issues had been submitted to the commissioner, including policy development, the changing of a global address list and putting in place a secure email system.
Work was also under way to increase information governance staffing to ensure the notice could be complied with, and monthly updates on progress with the plan would continue to be provided to the commissioner's office, she added.
