NHS to face compulsory data protection audits by law

The Information Commissioner's Office (ICO) now has the power to carry out compulsory data audits within NHS organisations

Doctor NHS

NHS organisations could now find themselves facing compulsory Data Protection Act audits from The Information Commissioner's Office (ICO), thanks to a recent change in the law.

The new legislation came into force on 1 February and allows the ICO to carry out compulsory data protection audits against NHS Trusts, GP surgeries and Community Healthcare Councils for the first time.

Private companies that provide services within the NHS will be exempt from taking part in compulsory audits.

The aim of the audits is to ascertain how NHS organisations handle patients' personal data, in terms of how it is secured, recorded, shared and how well trained staff are in protecting it.

Previously, the data protection watchdog only had the authority to carry out these types of data protection assessments on central government departments.

The NHS has traditionally had a hit and miss approach to data protection matters, with recent ICO figures revealing a massive spike in data breaches affecting the healthcare sector over the past 12 months.

Furthermore, the NHS was famously hit with a record data protection fine in 2012 totalling 325,000 after a Trust accidentally disclosed personal information belonging to thousands of staff and patients.

The data was found on hard drives sold via an internet auction site in 2010.

To date, the ICO has levied fines totalling 1.3 million against NHS organisations.

Christopher Graham, the Information Commissioner, said in a statement the NHS is one of the worst offenders for failing to keep personal data secured.

"The Health Service holds some of the most sensitive personal information available, but instead of leading the way in how it looks after that information, the NHS is one of the worst performers. This is a major cause for concern," Graham said. "Time and time again we see data breaches caused by poor procedures and insufficient training. It simply isn't good enough. "We fine these organisations when they get it wrong, but this new power to force our way into the worst performing parts of the health sector will give us a chance to act before a breach happens. It's a reassuring step for patients," he added.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

MPs turn on the ICO over contact-tracing fiasco
Information Commissioner

MPs turn on the ICO over contact-tracing fiasco

21 Aug 2020
NHS flooded with 40,000 spam emails during coronavirus crisis
phishing

NHS flooded with 40,000 spam emails during coronavirus crisis

12 Aug 2020
ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
What is the Information Commissioner’s Office (ICO)?
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Apr 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020