Health boards breached data protection laws
27 Nov 08
ICO orders compliance after medical records found at disused sites
Two health boards have been found in breach of data protection laws after patient information was left at former hospital sites.
The Information Commissioner’s Office (ICO) was alerted to the data breaches after members of the public found confidential health records at Strathmartine Hospital in Dundee and the Law Hospital in Carluke, Lanarkshire.
NHS Tayside and NHS Lanarkshire have been ordered to sign formal undertakings to comply with the Data Protection Act. They must also follow the recommendations, such as not storing health records in disused buildings, disposing of information that is no longer needed, and training all staff in data protection and information management. Any further breach could result in prosecution.
Ken Macdonald, the assistant information commissioner for Scotland at ICO, said health records contained particularly sensitive information and should be stored properly.