This report by Steve McCaskill first appeared in April, but I just came across it now:
Personal details of 600,000 patients were sent to the US following a mistake made by the NHS’s IT provider, GE Healthcare.
GE Healthcare admitted to TechWeekEurope that the error had occurred after it had obtained more patient data than it had needed, but stressed that there was no need to worry.
“As a result of an internal review, GE Healthcare recently learned that we obtained more patient data from our diagnostic imaging products than we needed to perform services for our customers,” a company spokesman said. “We regularly obtain data to help ensure product reliability and to deliver related services.”
“We immediately undertook an extensive analysis using outside experts, and, based on that analysis, we are confident that this data was not lost, hacked, misused or stolen,” they added. “We have stopped receiving this unneeded data, and we are continuing to review our business processes for data privacy compliance. We take data privacy very seriously, and we are working hard to help ensure we have the best possible privacy processes in place to prevent this from happening again.”
It is reported that the data included ID numbers, initials, gender, height, weight, age and clinical information, and that although the problem was discovered last year, the relevant watchdogs were not told until last month. Under the Data Protection Act, details cannot be sent outside the European Union without safeguards being put in place.
Read more on TechWeekEurope.
Via Lexology.