Imperial College Healthcare NHS Foundation Trust has become the latest NHS organisation to be required to sign an undertaking not to breach the Data Protection Act by the Information Commissioner’s Office. The undertaking says six laptops were stolen in two burglaries at St Mary’s Hospital, one of which was unencrypted even though it held patient…
Category: Health Data
Imperial breaches the DPA
Imperial College Healthcare NHS Foundation Trust has become the latest NHS organisation to be required to sign an undertaking not to breach the Data Protection Act by the Information Commissioner’s Office. The undertaking says six laptops were stolen in two burglaries at St Mary’s Hospital, one of which was unencrypted even though it held patient details….
NHS Direct wrongly emailed patients' data
The organisation’s annual report for 2008-09 reveals that the information, including the names, addresses, NHS numbers, dates of birth and clinical data of about 100 patients, were disclosed without authorisation in October last year. In a statement to GC News NHS Direct said that this happened when a spreadsheet was emailed to three people in…
Carrell Clinic guard indicted
A federal grand jury in Dallas has returned an indictment charging an Arlington, Texas, man, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, with felony offenses related to his compromising and damaging the hospital’s computer system, announced Acting U.S. Attorney James T. Jacks of the Northern…
ICO: NHS Lothian to improve security
NHS employees failed to comply with data security requirements according to an Undertaking, signed by James Barbour, the Chief Executive of NHS Lothian. The Information Commissioner’s Office (ICO) has found NHS Lothian in breach of the Data Protection Act after an unencrypted memory stick was lost and some paper files were temporarily left in a…
When is personal data truly de-identified?
The U.S. Department of Health and Human Services (HHS) is about to rule whether health care entities will need to notify patients if their de-identified data — patient data that has been stripped of all potential for identifying individuals, which is often used for research and development — is breached. As it stands now, de-identified…