Norfolk health trust accidentally releases data of 128,000 patients


- Credit: EDP, Archant

A Norfolk health trust has put in extra data protection measures after accidentally releasing data of more than 128,000 patients.

Norfolk Community Health and Care Trust (NCH&C) sent the data to a referral management centre which it was working with last year unintentionally.

In total, data on 128,842 patients were leaked, including health records.

But the records, which were sent in March 2014, were unable to be read by the management centre as they were encrypted.

The trust told the Information Commissioner's Office (ICO) - which enforces the Data Protection Act - in March 2014 about the leak.

You may also want to watch:

In September, the trust's interim chief executive Mark Easton signed an undertaking with the ICO to stop a repeat of the incident.

The trust has been given until February to make improvements in its data protection and train its staff.

Most Read

A meeting was held by NCH&C on Thursday to discuss the latest progress on changes made since the huge leak.

NCH&C had a contract with the management centre to provide IT support until the end of March 2014 and the centre asked for a copy from the trust of a database of patients.

But it found it was sent data it did not ask for and did not need.

The data included referrals from health care services and was stored in the form of a system back up file.

It was encrypted, but the report by the ICO said a 'lack of specific instructions and communication to staff members, coupled with the absence of appropriate quality assurance measures, led to the incorrect data set being provided.'

No data sharing agreement was in place with the referral management centre and there was a lack of staff guidance on what to share. 'This ultimately led to the incorrect data set being provided,' the report said.

The ICO told the trust to train staff by no later than February 2015 on how to follow data procedures.

A spokesperson for NHC&C said: 'The trust takes seriously its responsibilities to protect all of the data that is held and, as a result of the incident, the trust immediately strengthened its controls.'

They added the trust was now 'working closely' with the ICO to develop its data protection systems.

Become a Supporter

This newspaper has been a central part of community life for many years. Our industry faces testing times, which is why we're asking for your support. Every contribution will help us continue to produce local journalism that makes a measurable difference to our community.

Become a Supporter
Comments powered by Disqus