An NHS trust has been fined £200,000 by the data watchdog after it sold an old computer which contained the personal details of more than 3,000 patients.
The sensitive information was left on the computer sold by a data destruction company employed by NHS Surrey.
The Information Commissioner's Office (ICO) was tipped off after a member of the public bought the second-hand computer online.
Sky News understands that some of the PCs were sold on the internet auction site eBay.
The company had been employed by NHS Surrey since March 2010 to wipe and destroy its old computer equipment.
The company carried out the service for free, with an agreement that they could sell any salvageable materials after the hard drives had been securely destroyed.
The ICO said: "On 29 May 2012 NHS Surrey was contacted by a member of the public who had recently bought a second-hand computer online and found that it contained the details of patients' treated by NHS Surrey.
"The organisation collected the computer and found confidential sensitive personal data and HR records, including patient records relating to approximately 900 adults and 2000 children."
The watchdog added: "After being alerted to the problem, NHS Surrey managed to reclaim a further 39 computers sold by the trading arm of their new data destruction provider.
"Ten of these computers were found to have previously belonged to NHS Surrey; three of which still contained sensitive personal data."
The ICO's investigation found that NHS Surrey had no contract in place with their new provider, which clearly explained the provider's legal requirements under the Data Protection Act, and failed to observe and monitor the data destruction process.
NHS Surrey mislaid the records of the equipment passed for destruction between March 2010 and 10 February 2011, and was only able to confirm that 1,570 computers were processed between 10 February 2011 and 28 May 2012.
The data destruction company was unable to trace where the computers ended up, or confirm how many might still contain personal data.
Stephen Eckersley, ICO Head of Enforcement, said: "The facts of this breach are truly shocking. NHS Surrey chose to leave an approved provider and handed over thousands of patients' details to a company without checking that the information had been securely deleted.
"The result was that patients' information was effectively being sold online. This breach is one of the most serious the ICO has witnessed and the penalty reflects the disturbing circumstances of the case.
"We should not have to tell organisations to think twice before outsourcing vital services to companies who offer to work for free."
NHS Surrey was dissolved in March 2013 with some of their legal responsibilities passing to the NHS Commissioning Board.
The board will be required to pay the penalty by July 22 or serve a notice of appeal by July 19.
The full penalty is eventually paid into the Treasury's Consolidated Fund.
Anda sedang membaca artikel tentang
NHS Computers With Patient Data Sold On Ebay
Dengan url
http://gagalcoba.blogspot.com/2013/07/nhs-computers-with-patient-data-sold-on.html
Anda boleh menyebar luaskannya atau mengcopy paste-nya
NHS Computers With Patient Data Sold On Ebay
namun jangan lupa untuk meletakkan link
NHS Computers With Patient Data Sold On Ebay
sebagai sumbernya
0 komentar:
Posting Komentar