The Care Quality Commission (CQC) has lost up to 500 disclosure and barring service (DBS) certificates for people who had applied to become registered managers and providers.
During a planned refurbishment of its office in Newcastle earlier this month, the CQC reported that a locked filing cabinet containing DBS certificates was “wrongly marked for removal and destruction”.
The serious incident report said that an agreement between CQC, the project management company and the removals service stated that any cabinets which were marked for removal or needed moving and found to be locked should be forced open and the contents left in the CQC office.
However, when the DBS team returned to work on Monday 11th July they found their cabinet missing with two out of six lever arch files containing copies of DBS certificates on top of another, nearby cabinet.
The other four files, containing copies of DBS certificates, could not be located.
As soon as CQC became aware that the DBS files had been lost, an investigation was carried out.
But, the report says: “Despite comprehensive searches both internally and externally, the missing files cannot be located.”
While the CQC is not ruling out theft, the regulator considers it to be “a very low likelihood”.
“Should the information contained in the missing folders fall into unscrupulous hands then is has the potential to cause further harm and distress to the individual data subjects,” the report addes.
The CQC has written to those affected, and it has reported the incident to the DBS authority, the Department of Health and the Information Commissioner’s Office.
In addition, CQC intends to commission an independent, external review of CQC’s security arrangements more generally.
David Behan, chief executive of the Care Quality Commission said: “I would like to apologise to the individuals whose DBS certificates have been lost during the recent refurbishment of our office in Newcastle and for any distress this may cause. I deeply regret that this has happened.
“As soon as we became aware of the loss of the files, we carried out a thorough internal investigation to find out exactly what happened and we alerted the relevant authorities, including the Information Commissioner’s Office.
“I intend to commission an independent, external review of CQC’s security arrangements in case wider lessons can be learned and so that we can be confident that something like this does not happen again.”
The incident affects those who had applied to become registered managers and providers between July 2015 and March 2016.
CQC has used an online system since April 2016, which has removed the need for paper copies to be retained.