This site is intended for health professionals only

Warning over paper systems security

18 April 2011

Share this article

The safety of paper-based security systems has been thrown into the spotlight after a number of data law breaches by healthcare bodies in the UK.

The Information Commissioner’s Office (ICO) has issued a warning to organisations over the safety of paper systems after revealing the details of two recent cases.

The ICO said that NHS Liverpool Community Health breached the Data Protection Act when it lost papers relating to the medical history of 31 children and their mothers during a premises move last October.

An ICO probe found that the organisation had not entered into a formal contract with the removal firm over the handling of personal data – despite it being a requirement of the Act.

Measures had not been implemented to make sure that the data was kept safe during the move, the ICO also found.

Another case investigated by the ICO involved the Council for Healthcare Regulatory Excellence (CHRE). The ICO found that CHRE had breached data laws by potentially losing documents containing sensitive personal data from complaint review files.

The ICO said CHRE did not know if the data were lost or ever received, highlighting weaknesses in data handing over the issue.

Sally Anne Poole, the ICO’s acting head of enforcement, said: “These incidents highlight significant weaknesses in both organisations’ data handling procedures.

“These incidents should act as a warning to other organisations who handle sensitive papers of the need to make sure their paper records management processes are as robust as their electronic data systems. The protection of data in all formats must be taken seriously.”

She added Poole that both organisations had now agreed to review existing security procedures and processes.

Copyright © Press Association 2011