A hospital trust has been told off by the Information Commissioner after leaving thousands of patient records in an unsecured room for two years.
Epsom and St Helier NHS Trust was left red-faced in February when the Sutton Guardian revealed confidential medical records had been left in an unlocked boiler room at Sutton Hospital.
The Information Commissioner’s Office (ICO) investigated and last week reprimanded the trust for a breach of the Data Protection Act.
Though the trust claimed it had been investigating the matter before it was reported by the Sutton Guardian, the trust only told the ICO about the blunder the day after our story was published.
We reported five months ago that the leaky boiler room was housing thousands of patient records, including names, addresses and full medical histories of individuals treated at the hospital.
The boiler room housed old filing cabinets and appeared to be the base for workmen carrying out maintenance work.
A trust spokeswoman said: “We reported the incident to the Information Commissioner’s Office on February 13 and would have done so regardless of any media coverage.”
Five other NHS trusts were reprimanded along with Epsom and St Helier by the commission.
Sally-Anne Poole, head of enforcement and investigations at the ICO, said: “These five cases serve as a reminder to all NHS organisations that sensitive patient information is not always being handled with adequate security.
"It is important that staff adhere to policies designed to protect individuals’ sensitive information.”
The trust recently signed an undertaking with the commission obliging them to process personal information in line with the Data Protection Act and to report any breaches.
A trust spokeswoman said: “In February it was brought to our attention that a number of patient notes had been left outside a storage area, rather than being locked away safely.
"Immediately after it was reported, the notes were moved to a secure location and a full investigation was launched.
“Following the investigation, the trust revised the way health records are retained and destroyed, in line with 2009 Department of Health guidelines. As an ongoing part of this work, we are examining the management of all the archive stores and making further improvements where necessary.”
Comments: Our rules
We want our comments to be a lively and valuable part of our community - a place where readers can debate and engage with the most important local issues. The ability to comment on our stories is a privilege, not a right, however, and that privilege may be withdrawn if it is abused or misused.
Please report any comments that break our rules.
Read the rules here