Healthcare professionals and managers working in the Sheffield region are being warned of the grave consequences of allowing confidential patient or staff data to go astray.
Damaged reputations and fines of up to £500,000 could result from breaches of information security, says Scott Sanderson, healthcare sector manager for Sheffield independent chartered accountants and specialist business advisors Hawsons, of Glossop Road.
He points out that instances of fines imposed by the Information Commissioner’s Office (ICO) underline the dangers – £55,000 for faxes of patient data sent to the wrong person, £200,000 for patient data found on second-hand PCs sold on e-bay, £60,000 for letters containing patient data sent to the wrong recipients and £225,000 for confidential paper records of patient data left in an unattended site which was not physically secured.
Scott adds: “It is especially important to know that when you outsource the processing of personal data, whether it is patient or staff data, the responsibility for the security of that data remains with you and it is your organisation that is fined or reprimanded in the event of a data loss. In short, you can’t outsource your information security responsibilities.”
The best practice way to reduce the risk of data loss and bad publicity, he says, is to implement an Information Security Management System (ISMS), which is a documented, systematic and methodical way of identifying and managing the risks and educating your staff so that you and your patients know that their data is being cared for in the right way.