The Information Commissioner’s Office reports that an undertaking has been signed today by Royal Liverpool and Broadgreen University Hospitals NHS Trust.
The trust breached the Data Protection Act by losing the personal information of 49 patients in two separate incidents earlier this year. In one case a member of the public found a handover sheet containing names and clinical data for 22 patients in a street in the Liverpool area. Just five months later, a medical bag was stolen from a member of staff’s car containing papers relating to 27 patients treated at a community clinic.
Royal Liverpool and Broadgreen University Hospitals NHS Trust has now agreed to make significant improvements to the way it keeps information secure. The trust will also undergo an audit from the ICO in order to further improve their compliance with the Act.