ICO to audit NHS authorities

Date: 2015-02-09

The Information Commissioner’s Office (ICO) now has the right to audit NHS foundation trusts, GP surgeries, NHS trusts and community healthcare councils to ensure they comply with the Data Protection Act.

The move follows a Designation Order ruling that the information commissioner may serve notice to public authorities – including National Health Service organisations – in conjunction with section 41A of the Data Protection Act 1998. Previously, the ICO were only able to investigate central government departments but the law now applies to all public healthcare organisations.

“The National Health Service holds some of the most sensitive personal information available but, instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern,” Christopher Graham, the information commissioner.

To date, NHS organisations have received fines of over £1.3m for data protection breaches, improperly disposing of confidential information and sharing private data without consent.

“Time and time again we see data breaches caused by poor procedures and insufficient training. It simply isn’t good enough.” Continued Graham.

Audits will investigate how NHS authorities use patient information, including data security standards, record management, data sharing and staff training.

Jonathan Richardson, managing director at Russell Richardson commented, “The National Health Service hold data for just about every one of us and we trust them with some of our most personal information. As patients, we quite rightly expect this information to be held safely and disposed of securely. Russell Richardson have been providing cost effective solutions to the health sector for many years, ensuring data protection compliance for our clients and peace of mind for their patients. We are still shocked by the number of health authorities who are innocently unaware of what is needed to keep compliant but are always happy to help with advice and suggestions.”

With over 35 years’ experience, Russell Richardson are experts in secure data destruction. Services include confidential document shredding and recycling and also secure corporate IT, mobile device and WEEE recycling solutions.