Information Commissioner raps Birmingham NHS for poor IT security

Information Commissioner raps Birmingham NHS for poor IT security

Staff at three Trusts could have accessed personal information on a shared network

Article comments

The Information Commissioner’s Office (ICO) has revealed that NHS Birmingham East and North breached the Data Protection Act by failing to have the security measures in place to restrict access to confidential files on its IT network.

Electronic files containing personal information relating to thousands of individuals, including NHS employees, were at risk of being accessed by some of the Trust’s staff, as well as by staff at two other nearby Trusts.

While health records were not compromised, some files also contained high level information about patients.

NHS Birmingham East and North reported the breach to the ICO in September 2010 after it found that electronic files stored on the shared IT network could have been accessed by employees.

Following an investigation, the ICO found that some security restrictions were in place, and that most files were not easily accessible, but concluded that file security in general was inadequate.

Sally-Anne Poole, acting head of enforcement, said: "It’s vitally important that IT networks storing personal information have robust security measures in place.

"Whilst nobody outside of the Trust environment was able to access the files, problems with the security of the network still led to a situation where sensitive information was potentially available to NHS staff that did not need it to carry out their daily role."

The Trust has since signed an undertaking to ensure that comprehensive policies about the storage and use of personal data are put in place, and that proper technical security measures are implemented to prevent unauthorised access to personal data in the future.


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *