Digital Transformation

NHS trust appeals against £90,000 data breach fine

Central London Community Healthcare NHS trust to appeal against punishment handed out by the ICO

A London NHS trust has announced its intentions to appeal against a £90,000 fine imposed by the Information Commissioner’s Office (ICO) for failing to properly protect the details of its patients.

With the first lapse in data security occurring in March last year, records regarding people’s medical conditions and other sensitive information were faxed to the wrong addresses by the Central London Community Healthcare NHS trust. 

The ICO found that this could have been avoided had the proper checks and balances been in place, and so the fine was imposed due to the trust’s lack of data protection measures that would have prevented such a breach.

"Patients rely on the NHS to keep their details safe," said Stephen Eckersley, head of enforcement for the ICO.

Indeed, with a loss of trust being one of the most damaging results that follows any exposure of people’s personal information, the risk is that the public could lose faith in the ability of the NHS to safeguard its records.

Yet despite its failure to secure patients’ details – and that the process of sending diagnoses to the wrong people was going on for three months before it was picked up – the trust has decided to appeal against the ICO’s fine.

A spokesman for the trust said: "We deeply regret that the Information Commissioner has decided to impose a fine and so we have instructed our lawyers to commence an appeal against this.

"We consider that the commissioner has acted incorrectly as a matter of law and so we have no alternative but to bring an appeal."

While it remains to be seen whether or not the trust will be successful in its appeal, the event highlights the dangers involved for both public and private bodies that fail to implement adequate data protection systems designed to protect people’s details – and the tough financial consequences that can result.