By Helena Marttila-Bridge and Oliver Grazebrook
Earlier this month, the UK’s Information Commissioner’s Office (“ICO”) released statistics showing that over 25% of the 335 data breaches reported between 1 April 2013 and 30 June 2013 came from the health sector. This comes as no surprise considering that the last 12 months have seen a string of widely reported data breaches in the health sector that have resulted in the ICO issuing fines. For example, in July, NHS Surrey was fined £200,000 for selling a laptop containing confidential patient details over eBay.
One explanation for these high figures is that the English health sector, unlike many other sectors, is subject to mandatory reporting obligations following data breaches. These reporting obligations have recently been updated: from June 2013 onwards, all public health sector bodies, as well as their processors handling health and adult social care personal data, have been required to use the Information Governance Toolkit Incident Reporting Tool (for which the Department of Health (“DoH”) has published Guidance), administered by the DoH, to report certain data breaches to the DoH and the ICO. The Guidance contains a checklist intended to help healthcare organisations decide whether a data breach needs to be reported, based on factors such as the number of people affected and the sensitivity of the clinical data involved.
New ICO Statistics Show an Unhealthy Rise in Data Breaches in the Healthcare Sector