Health Service Journal calls attention to two breaches that occurred in October involving the South Central Strategic Health Authority (SHA) of NHS South of England.
According to the December board minutes:
The [first] incident occurred in the human resources team in October 2011. The hard copy personnel file was removed from the secure human resources storage area for case work and has not been accounted for / is deemed to be missing. The NHS South of England Senior Information Risk Officer considers that the incident should be classified as a serious untoward incident, and subsequent action has been taken to strengthen controls in the human resources team surrounding the safeguarding of personnel files. The Strategic Health Authority has apologised to the individual concerned.
The [second] incident occurred in the workforce analysis team in October 2011. An email containing sensitive personnel data relating to pathology staff (1822 in total) in the South Central region was mistakenly sent to a clinical reference group. The South of England Senior Information Risk Officer has deemed the incident to be a serious untoward incident. Due to the severity of the incident, the Strategic Health Authority has reported the incident to the Department of Health and the Information Commissioner’s Office. The Strategic Health Authority has also notified the Chief Executives of the relevant Trusts and Primary Care Trusts, and provided them with step-by-step details of the actions to take. At the time of writing, the Information Commissioner’s Office has yet to contact the Strategic Health Authority. The Strategic Health Authority has taken subsequent action to strengthen controls in the workforce analysis team.