recent work

St George’s Healthcare NHS Trust issued £60,000 penalty

St George’s Healthcare NHS Trust has been issued a £60,000 penalty after sensitive medical details were sent to the wrong address.

In May 2011, the Trust sent sensitive information in two letters – and although they were addressed to the correct recipient, the recipient had moved house and not lived at this address for almost 5 years.
Investigations proved that the recipient had provided the correct address and it had indeed been logged on NHS SPINE, the national care records service, in 2006.

Stephen Eckersley, the ICO’s Head of Enforcement, said:

“It’s hard to imagine a more distressing situation for a vulnerable person than the thought of their sensitive health information being sent to someone who had no reason to see it. This breach was clearly preventable and is the result of the Trust’s failure to make sure the contact details they have for their patients are accurate and up to date.

“This is the fourth monetary penalty we have issued to the NHS in the past two months. It is vital that these organisations make sure they have the necessary measures in place to keep patients’ details secure.”

The Trust has now taken action to make sure that the personal information they handle is kept secure. This includes making sure adequate checks are in place to ensure that local information the trust has for patients is correct, by cross checking that information against SPINE and other relevant sources.