WIREDGOV

The Information Commissioner has welcomed a change in the law that will give his office the right to force NHS authorities to be audited for compliance with the Data Protection Act.  Compulsory audits have previously only applied to central government departments.  The audits review how the NHS handles patients' personal information, and can review areas including security of data, records management, staff training and data sharing.

The ICO will be able to assess data protection by NHS foundation trusts, GP surgeries, NHS Trusts and Community Healthcare Councils, and their equivalent bodies in Scotland, Wales and Northern Ireland under section 41A of the DP Act.  The new legislation will not apply to any private companies providing services within public healthcare.

• ICO given new powers to force NHS authorities to be audited for compliance with the DP Act
• ICO reports on community healthcare providers’ data handling
• Scottish health board ordered to improve after people’s details left abandoned
• Health sector data protection audits highlight areas for improvement
• GP practices: good overall compliance with DP Act, but still areas to improve on
• ICO fines NHS Surrey for failing to check the destruction of old computers
• Fax blunder leads to £55,000 penalty for Staffordshire trust
• Patients details left abandoned in Stockport as ICO highlights need for better decommissioning practices
• Sensitive details of NHS staff published by Trust in Devon
• ICO takes action after medical examination results are sent to the wrong address
• London NHS Trust fined £90,000
• ICO:  Outsourcing a task does not mean an end to an organisation's legal responsibility
• Latest 5-Step Guide: How to Keep Your Data Breach-Free
• Are you ‘Appy’ about the uses your personal data are put too?
• ICO ‘on the ball’, but do individual ‘responsible managers’ ever get disciplined?
• Take note NHS! (7^th item)
• Added to which, lack of experience could make mistakes more likely (11^th item)
• ICO:  It’s not just the bad publicity, the ICO could fine an organisation as well (4^th item)