The organisation’s annual report for 2008-09 reveals that the information, including the names, addresses, NHS numbers, dates of birth and clinical data of about 100 patients, were disclosed without authorisation in October last year.
In a statement to GC News NHS Direct said that this happened when a spreadsheet was emailed to three people in error. The recipients were two project managers working in separate parts of the NHS as well as an NHS Direct staff member.
“The staff involved acted immediately and the incident was realised and contained within 12 hours and the data deleted,” said a spokesperson for NHS Direct. “None of the information went into the public domain and the incident was reported to the information commissioner.”
Read more on Kable.