Central London Community Healthcare (CLCH) NHS Trust has been fined £90,000 for a serious breach of the Data Protection Act (DPA), the Information Commissioner’s Office (ICO) has announced.
The Trust has said that it intends to lodge an appeal.
In March last year, patient lists from the Pembridge Palliative Care Unit, intended for St John’s Hospice, were faxed to the wrong recipient. The individual informed the Trust in June that they had been receiving the patient lists, which amounted to around 45 faxes over a period of three months – but said they had shredded them.
The lists contained sensitive personal data relating to 59 individuals, including medical diagnoses and information relating to their domestic situations and resuscitation instructions.
The ICO investigation found that the Trust did not have sufficient checks in place to ensure that sensitive information sent by fax was delivered to the correct recipient. The trust also failed to provide sufficient data protection guidance and training to the member of staff concerned.
Stephen Eckersley, the ICO’s Head of Enforcement said that patients relied on the NHS to keep their details safe, which the Trust had failed to do. “The fact that this information was sent to the wrong recipient for three months without anyone noticing, makes this case all the more worrying,” he said.
In response to the adjudication the Trust said in a statement: “It is hugely regrettable that this incident, which was down to human error, happened and we have apologised to all the individuals and families who were affected by this mistake.”
The Trust said it had carried out its own internal investigation and taken several steps to avoid a similar incident, including phasing out of faxes in favour of more secure email and phone contact systems.
It added that it had achieved or exceeded the minimum thresholds across all 45 standards for information governance, including 98.5% of staff completing relevant training in the last year.
“However, we deeply regret that the Information Commissioner has decided to impose a fine and so we have instructed our lawyers to commence an appeal against this,” the statement continued.
“We consider that the Commissioner has acted incorrectly as a matter of law and so we have no alternative but to bring an appeal.” The Trust has until May 28 to do this.