Source: BBC News
A Welsh health board has become the first NHS body to be fined for breaching the Data Protection Act after it released sensitive data about a patient to the wrong person.
Aneurin Bevan Health Board (ABHB) will have to pay a £70,000 penalty.
A doctor misspelt a name and did not give enough detail about a patient to his secretary, meaning a report was sent to someone with a similar name.
The board has apologised to the patient concerned.
The Information Commissioner’s Office (ICO) said the report contained explicit details relating to the patient’s health and represented a serious breach of the Data Protection Act.
The error occurred when the patient’s consultant emailed a letter to a secretary but did not provide enough information for the secretary to be able to identify the correct person.
The mistake was compounded by the doctor misspelling the patient’s name at one point, which resulted in the report being sent to a former patient with a very similar name in March last year.
An investigation by the ICO found neither member of staff had received training in data protection and there were inadequate checks in place within the board to ensure personal information was only sent to the correct recipient.
These poor practices were also used by other clinical and secretarial staff across the organisation.
Click here to read more