Bayswater Medical Centre (BMC) in London is licking its wounds after taking a not insignificant punch to the wallet for discarding highly sensitive medical information in an empty building for a year and a half.
NHS Barnet reveals 187 breaches of personal dataREAD MORE
The Information Commissioner's Office (ICO) said today the data included medical records, prescriptions and patient identifiable medicine. It was left unsecured when BMC vacated its surgery but used the premises as a storage dump from July 2015.
The following year, reps from another GP practice took over the lease, discovered the unsecured medical records and told the BMC, but the BMC made no effort to scoop up that information, despite repeated warnings from the other surgery and a local Clinical Commissioning Group.
Officers from NHS England paid a visit to the site in February 2017 and found a "large quantity" of the data left on decks, in unlocked cabinets and in bins. The BMC was ordered to send in the cleaners, so to speak.
ICO fines NHS trust £185K for publicly airing personnel filesREAD MORE
The severity of this breach "merited" a fine of £80,000, said the ICO, but this was cut to £35,000 after the BMC's ability to cough payment was considered.
"It is our duty to stand up for people's data right[s] and to ensure that their sensitive personal information is protected," said ICO head of enforcement Steve Eckersley.
"Out of sight is definitely not out of mind. We don't want anyone to think that they can avoid the law or their duties by abandoning personal data in empty buildings," he added. ®
Sponsored: Webcast: Simplify data protection on AWS