ICO News

Women affected by hospital data breach offered support – Basingstoke Gazette


THE trust which runs Basingstoke hospital has now apologised for the distress caused to the mothers whose personal information was published online, and said it will offer them support.

As reported in the Gazette, personal information about women whose babies were stillborn was published online by Hampshire Hospitals NHS Foundation Trust (HHFT), including details about previous miscarriages and pregnancy terminations.

The matter came to light after the Gazette saw the information in a report on stillbirths on HHFT’s website, and noticed it was listed as ‘restricted’.

Realising the information was personal and could potentially lead to the women being identified, we informed HHFT and waited until it had removed the papers before publishing any articles.

The trust reported the possible data breach to the Information Commissioner’s Office (ICO) yesterday.

The trust has now issued a statement apologising to those affected, and said it will offer them support.

Malcolm Ace, chief financial officer and senior information risk officer for HHFT, said: “The privacy of our patients is of the utmost importance to the trust and we are taking this matter very seriously.

“While no names or addresses were shared, in view of the sensitive nature of the information, we have referred it to the Information Commissioner’s Office (ICO) as a potential breach of the Data Protection Act 2018. We will act quickly on any and all recommendations given by the ICO.

“We apologise for any distress caused. The three women whose experiences were noted in the report are being contacted by our team, and support is being offered to them.”

The information, which was available online for a number of weeks, was freely available to anyone and could be downloaded or printed.

Three reviews were published in two different documents in June and July, providing details including the date and time of the stillbirth, the women’s age and BMI, the gender and weight of their baby, and detailed medical history including previous miscarriages and pregnancy terminations, as well as an in-depth report of their pregnancy and birth.

A spokesperson for the ICO said: “People’s medical data is highly sensitive information, not only do people expect it to be handled carefully and securely, organisations also have a responsibility under the law.

“When a data incident occurs, we would expect an organisation to consider whether it is appropriate to contact the people affected, and to consider whether there are any steps that can be taken to protect them from any potential adverse effects.

“Hampshire Hospitals NHS Foundation Trust has made us aware of an incident and we will be making enquiries.”





READ SOURCE

Leave a Reply