Hitchin doctors’ surgery handed £40,000 fine after confidential information about a female patient and her family was released to ex-partner
- Credit: Archant
A Hitchin doctors’ surgery has been fined £40,000 after confidential information about a female patient and her family was given to her ex-partner.
Regal Chambers in Bancroft was handed the five-figure fine by the Information Commissioner for a breach of the Data Protection Act.
The woman’s ex-partner had requested the medical records for the former couple’s son and was supplied with 62 pages of information – including her contact details, as well as those of her parents and an older child the man was not related to.
This information was given out despite express warnings from the woman that staff should take particular care to protect her details.
Publishing the outcome of an Information Commissioner’s Office investigation yesterday, the ICO found that the GP practice had insufficient systems in place to guard against releasing unauthorised personal data to people who were not entitled to see it.
You may also want to watch:
Steve Eckersley, the ICO’s head of enforcement, said: “Most people would be horrified to think the information they entrust to their GP was being treated with anything less than the utmost care. In this case a patient reinforced this, however her pleas went unheeded.
“When that information could have devastating consequences if released incorrectly, it is even more important that measures are robust.
- 1 Pair jailed for causing horror crash that injured 19
- 2 Motorhome and car involved in A505 crash
- 3 Detective hopes sentence 'sends clear message' after car cruise crash drivers jailed
- 4 Have your say on parking restriction plans
- 5 Application submitted for electric vehicle charging forecourt off A1(M)
- 6 Family plea to save eight-month-old pup Ellie
- 7 Colossal bath makes a splash in Hitchin
- 8 Harry in Hitchin? Speculation rises as film crews descend on outdoor pool
- 9 June 21: Will lifting of coronavirus lockdown restrictions still go ahead?
- 10 Do you recognise these people?
”There is no doubt that releasing this information would have caused great distress to the woman, her children and the rest of her family.”
The information was released in July 2014 in response to a subject access request, a formal way of requesting information under the Data Protection Act.
The person responsible for handling the request advised the child’s GP about it but, in the absence of a sufficient written procedure, went ahead and released everything. The ICO’s investigation found staff did not receive adequate guidance or supervision about what could be disclosed or should be withheld.
Mr Eckersley added: “In failing to ensure staff were properly equipped to safeguard against unauthorised disclosures, this medical practice placed a member of its team in the firing line.
“It was unfair to expect this person to deal with the potentially devastating fall-out created by sharing personal data wrongly. GPs could have protected staff by providing proper support, training and guidance. They did not do this.”
The ICO said the fine was £40,000 because the practice’s partners would be individually liable, but most organisations would expect to receive a much larger fine due to the serious nature of the breach.
A statement issued by the surgery’s partners said: “We would like to apologise for the error that occurred which resulted in third party data being shared with another third party.
“We take patient confidentiality very seriously indeed and as soon as this incident came to light, we self-referred to the Information Commissioner’s Office so that they could investigate.
“We have since provided all staff with further training and implemented new guidance in respect of the sharing of data. We would like to apologise again to the patient involved and their family.”