A medical centre data breach has led to a huge fine from the UK’s data watchdog, the Information Commissioner’s Office (ICO).
Medical centres and medical practices must, at all times, ensure the data they hold is safe and secure given the nature of the data they’re in charge of. Any failure to uphold this important duty can lead to huge fines and legal action to claim data breach compensation for the victims.
London-based Bayswater Medical Centre left medical records and personal medical data exposed at an old address for over 18 months, leaving them with a justifiable fine of £35,000.00.
Bayswater Medical Centre data breach ICO report
According to the ICO report, the Bayswater Medical Centre data breach stemmed from the practice moving to a new address and using the old address as a storage facility. The old address was secured by nothing more than a single lock (no alarm), and windows that were reportedly ajar could have allowed easy access to anyone.
Medical records and sensitive information were reportedly visible through windows.
Chances to resolve the issue ignored
Another GP practice had expressed an interest in taking over the premises and were given access to the building. The potential new proprietors warned the Bayswater Medical Centre about the lack of security over the records that were being stored there, particularly when contractors reportedly had access to the premises for the purposes of the take-over.
These warnings, it appears, were simply ignored.
The data stored insecurely on the premises included medical records, prescription information and patient-identifiable medicine. The premises were actually broken into shortly after records were removed.
A lack of respect for the sanctity of medical data
The Bayswater Medical Centre data breach case is a clear example of a lack of respect for the sanctity of medical data. There’s simply no excuse for leaving such personal and sensitive medical data exposed for so long, and a medical centre ought to know better and ought to know that its duty is to protect medical records.
Medical data is already one of the most breached types of data. These kinds of totally avoidable and unforgivable incidents make the situation worse.
It’s cases like this that lead to medical data breach compensation claims where victims have to claim for their data rights being violated when the breach could have been easily prevented in the first place.
Frankly, this should never have happened at all.