Norfolk health trust accidentally releases data of 128,000 patients
- Credit: EDP, Archant
A Norfolk health trust has put in extra data protection measures after accidentally releasing data of more than 128,000 patients.
Norfolk Community Health and Care Trust (NCH&C) sent the data to a referral management centre which it was working with last year unintentionally.
In total, data on 128,842 patients were leaked, including health records.
But the records, which were sent in March 2014, were unable to be read by the management centre as they were encrypted.
The trust told the Information Commissioner's Office (ICO) - which enforces the Data Protection Act - in March 2014 about the leak.
You may also want to watch:
In September, the trust's interim chief executive Mark Easton signed an undertaking with the ICO to stop a repeat of the incident.
The trust has been given until February to make improvements in its data protection and train its staff.
- 1 'Too close to home': Neighbours' shock as body found at Mousehold Heath
- 2 Which? warning to avoid sun cream brand for children
- 3 Chicken restaurant closes 'due to unforeseen circumstances'
- 4 Lifeboat crew rescues three girls out to sea on lilos
- 5 Poultry company owner says food industry is at 'crisis point'
- 6 What are the top 10 new shops opening in Norwich?
- 7 Noise investigation launched after works leave houses 'tremoring'
- 8 New beauty salon and massage rooms open at country club
- 9 'Like an invasion' - locals speak out over five-day festival
- 10 'Cold and desolate' - Anne Robinson's Countdown jibe at Norfolk
A meeting was held by NCH&C on Thursday to discuss the latest progress on changes made since the huge leak.
NCH&C had a contract with the management centre to provide IT support until the end of March 2014 and the centre asked for a copy from the trust of a database of patients.
But it found it was sent data it did not ask for and did not need.
The data included referrals from health care services and was stored in the form of a system back up file.
It was encrypted, but the report by the ICO said a 'lack of specific instructions and communication to staff members, coupled with the absence of appropriate quality assurance measures, led to the incorrect data set being provided.'
No data sharing agreement was in place with the referral management centre and there was a lack of staff guidance on what to share. 'This ultimately led to the incorrect data set being provided,' the report said.
The ICO told the trust to train staff by no later than February 2015 on how to follow data procedures.
A spokesperson for NHC&C said: 'The trust takes seriously its responsibilities to protect all of the data that is held and, as a result of the incident, the trust immediately strengthened its controls.'
They added the trust was now 'working closely' with the ICO to develop its data protection systems.