A Norfolk health trust has put in extra data protection measures after accidentally releasing data of more than 128,000 patients.
Norfolk Community Health and Care Trust (NCH&C) sent the data to a referral management centre which it was working with last year unintentionally.
In total, data on 128,842 patients were leaked, including health records.
But the records, which were sent in March 2014, were unable to be read by the management centre as they were encrypted.
The trust told the Information Commissioner's Office (ICO) - which enforces the Data Protection Act - in March 2014 about the leak.
In September, the trust's interim chief executive Mark Easton signed an undertaking with the ICO to stop a repeat of the incident.
The trust has been given until February to make improvements in its data protection and train its staff.
A meeting was held by NCH&C on Thursday to discuss the latest progress on changes made since the huge leak.
NCH&C had a contract with the management centre to provide IT support until the end of March 2014 and the centre asked for a copy from the trust of a database of patients.
But it found it was sent data it did not ask for and did not need.
The data included referrals from health care services and was stored in the form of a system back up file.
It was encrypted, but the report by the ICO said a 'lack of specific instructions and communication to staff members, coupled with the absence of appropriate quality assurance measures, led to the incorrect data set being provided.'
No data sharing agreement was in place with the referral management centre and there was a lack of staff guidance on what to share. 'This ultimately led to the incorrect data set being provided,' the report said.
The ICO told the trust to train staff by no later than February 2015 on how to follow data procedures.
A spokesperson for NHC&C said: 'The trust takes seriously its responsibilities to protect all of the data that is held and, as a result of the incident, the trust immediately strengthened its controls.'
They added the trust was now 'working closely' with the ICO to develop its data protection systems.
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here