The Information Commissioner’s Office (ICO) has ordered Grampian Health Board (NHS Grampian) to take action to make sure patients’ information is better protected.

By Kelson Conteh

The warning comes after six data breaches within a thirteenth month period where papers containing sensitive personal data were left abandoned in public areas of the hospital and one case where the information was found at a local supermarket. All of the papers were returned to staff, with the final incident occurring on 28 March 2014.

The ICO’s investigation found the same mistakes continued to occur because NHS Grampian didn’t have an information register identifying the personal information held and the department responsible for looking after it. This gap in their procedures resulted in the organisation failing to take sufficient remedial action. The ICO had previously alerted NHS Grampian to this oversight during an audit carried out in December 2011, but the organisation failed to act.

Information Commissioner for Scotland, Ken MacDonald had said: “If any further breeches occur, we do not rule out taking further regulatory action, including fining the organisation up to £500,000.”

The ICO’s enforcement notice requires the organisation to produce a high level information asset register by 22 June 2015. The register must explain which areas of the organisation are responsible for keeping the personal information they handle, secure.

#nhs #news #health #scotland