Big fine for NHS trust over data leak

 

Martin Halfpenny
Friday 01 June 2012 18:37 EDT
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

An NHS trust has been fined £325,000 by a data protection watchdog after highly sensitive files of tens of thousands of patients, including details of HIV treatment, ended up being sold on eBay.

Brighton and Sussex University Hospitals NHS Trust was fined because it failed to ensure hard drives containing the information were wiped after they were handed over to a contractor. The fine from the Information Commissioner's Office (ICO) is the highest ever issued.

The Trust's IT service provider, Sussex Health Informatics Service, was asked to destroy information on 1,000 hard drives in 2010. They were held in a room accessed by key code at Brighton General Hospital.

But they handed the job to an unnamed individual sub-contractor who did not wipe out the drives and took at least 252 out of the hospital. The majority found their way on to the internet in October and November 2010. The sub-contractor was arrested by police but no charges were brought over the incident, the trust said.

The personal data included details of patients' medical conditions, such as sexually transmitted diseases and treatment, disability living allowance forms and children's reports.

Duncan Selbie, chief executive of Brighton and Sussex University Hospitals, said: "We dispute the Information Commissioner's findings, especially that we were reckless, a requirement for any fine. We simply cannot afford to pay a £325,000 fine and are therefore appealing."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in