Financial penalties imposed on the NHS for data breaches have sparked concern over the impact they might have on patient care. A hit to the NHS's bottom line usually has to be made up from other areas of the organisation, namely patient services.

The UK’s information watchdog, however, has defended the use of monetary penalties, insisting it does take into account what an organisation can afford to pay.

Case Study

Whilst several NHS bodies have faced fines from the ICO in recent months, the largest was imposed in June on Brighton and Sussex University Hospitals NHS Trust, which received a £325,000 penalty. This was because hard drives containing sensitive data on tens of thousands of patients and staff were sold online.

The trust has now dropped an appeal and has paid a total of £260,000 after receiving an early payment discount. However, its chief executive did try to argue that it could not afford the fine “in a time of austerity.” Arguably, this money would be better spent on customer services.

Expert reactions

Reacting to the NHS penalties, confidentiality expert Christopher Fincken said it was “quite wrong” that fines imposed on NHS bodies “effectively come out of funding patient care”. He said there needed to be an alternative to penalising “the innocent patient” for the failings of NHS bodies.

However, he also said that:

“fines, which are imposed for serious breaches of the Data Protection Act, acted as a very important way to discourage others from making the same data protection mistakes”.

Responding to the NHS penalties and the concern that patients could lose out from such fines, an ICO spokesperson said it did take into account a number of factors in determining appropriate penalties:

“The sector, size, financial and other resources of the data controller and the nature and impact of the breach will all be considered before determining the amount of a monetary penalty.”

“The nature of a civil monetary penalty against an NHS body is that the fine does come from taxpayers’ money, but it is important to realise that the money stays in the public purse, and is paid into the Treasury’s Consolidated Fund.  Nothing is kept by the Information Commissioner’s Office.”
