Medical records found abandoned in garden

HOSPITAL records for more than 60 patients were found dumped in a garden in Newcastle.

The pages from an accident and emergency ward register, which contained sensitive information on patients' physical and mental health, were lost during an office move at Macclesfield District General Hospital in March.

East Cheshire NHS Trust, which runs the hospital, has now agreed to improve its security after being found in breach of the Data Protection Act.

An investigation by the Information Commissioner's Office (ICO) found that an external company had been hired, without a written contract, to clear out rubbish from disused offices at the hospital.

Boxes of documents were disposed of in open skips, and once the trust became aware of this it failed to react in time to prevent the loss of some of the records.

Neither the ICO or the trust could explain how the documents ended up in a Newcastle garden, about 20 miles from the hospital in Macclesfield.

The trust, which also runs Congleton War Memorial Hospital, has now signed an undertaking to assure the ICO that personal data will be kept more securely in the future.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: "It is vital that sensitive personal information, such as patient information, is handled securely. This is an important principle of the Data Protection Act.

"Organisations must implement appropriate safeguards to ensure personal details about patients are stored and disposed of securely."

John Wilbraham, chief executive of the trust, has agreed to ensure that from now on, external contractors will have to sign a written contract requiring them to keep personal information securely. Staff will also be made aware of, and receive training on, the trust's policy for the storage and use of personal information.

The trust has agreed to ensure other security measures deemed necessary are implemented to protect data from unauthorised and unlawful processing, accidental loss, destruction or damage.

Mr Wilbraham said: "As soon as we were made aware of this, we informed the Information Commissioner's Office and fully cooperated with the review that followed. "

"The trust takes the safeguarding of personal information very seriously and an extensive review of the data protection systems and procedures within our hospitals has taken place to establish what further improvements can be made, including compulsory staff training on the policy for storage of personal information."

Boxes of documents were disposed of in open skips, and once the trust became aware of this it failed to react in time to prevent the loss of some of the records.

Neither the ICO or the trust could explain how the documents ended up in a Newcastle garden, about 20 miles from the hospital in Macclesfield.

The trust, which also runs Congleton War Memorial Hospital, has now signed an undertaking to assure the ICO that personal data will be kept more securely in the future.

Mick Gorrill, Assistant Information Commissioner at the ICO, said: "It is vital that sensitive personal information, such as patient information, is handled securely. This is an important principle of the Data Protection Act.

"Organisations must implement appropriate safeguards to ensure personal details about patients are stored and disposed of securely."

John Wilbraham, chief executive of the trust, has agreed to ensure that from now on, external contractors will have to sign a written contract requiring them to keep personal information securely. Staff will also be made aware of, and receive training on, the trust's policy for the storage and use of personal information.

The trust has agreed to ensure other security measures deemed necessary are implemented to protect data from unauthorised and unlawful processing, accidental loss, destruction or damage.

Mr Wilbraham said: "As soon as we were made aware of this, we informed the Information Commissioner's Office and fully cooperated with the review that followed. "

"The trust takes the safeguarding of personal information very seriously and an extensive review of the data protection systems and procedures within our hospitals has taken place to establish what further improvements can be made, including compulsory staff training on the policy for storage of personal information."

More health stories:

'Fat city' campaign gets off to a heavyweight start