Only the vigilance of an eagle-eyed auctioneer stopped information relating to 7,000 patients in west Norfolk being sold to the highest bidder, we can reveal today.

A health chief at the Queen Elizabeth Hospital, in King's Lynn, has announced a full internal investigation is underway after a piece of medical equipment containing personal data slipped through the first stage of their disposal process.

The potential for the information to be leaked was however prevented by an auctioneer, at a family business which specialises in the sale of medical equipment, who flagged up the error.

Dorothy Hosein, chief executive at The Queen Elizabeth Hospital said: 'We are currently holding a full internal investigation to ensure lessons are learnt and our internal processes are strengthened.'

A report conducted by a Clinical Commissioning Group (CCG) official about patient safety, referred to yesterday in a meeting of the West Norfolk CCG Governing Body, read there had been a 'breach of patient confidentiality' when a hard drive was submitted for auction.

Mrs Hosein has said no breach of patient confidentiality had been made and, despite the wording of the report, she has been backed by the West Norfolk CCG.

A spokesman for the health care commissioning group said: 'The CCG was satisfied the Queen Elizabeth Hospital has dealt with this issue appropriately and notes no patient data was released.'

The Clinical Quality and Patient Safety report, which logged the matter as a 'serious incident' in December 2015, read the equipment - which contained information on eye tests - was recorded as having been inspected, but was subsequently identified by the auctioneer to contain Patient Identifiable Data (PID).

It is believed the hospital reported the incident to the Information Commissioner's Office, an independent authority which upholds information rights, as a matter of course but it responded that no further action was to be taken.

Mrs Hosein said: 'As is routine, a sturdy process is in place to dispose of unwanted and unusable equipment, which involves a number of key stages.'

She said their method was to wipe items clean but, in this case, this stage did not occur internally but was carried out by a NHS approved disposal organisation, who ensured all patient information was secure.

This organisation was later named as the Hilditch Group Ltd, an international company based in Wiltshire who were not available for comment yesterday.