Guidance

ICO reminds healthcare organisations about keeping patient data secure

Following reports of a data breach at the London Clinic, the Information Commissioner’s Office (ICO) would like to remind all healthcare organisations about the importance of keeping patient data secure.

Patient data is highly sensitive information that must be handled with care. When accessing healthcare and other vital services, people need to trust that their medical information is safe and only available to authorised employees.

Healthcare organisations should ensure:

  • Staff are thoroughly trained: Organisations should have data protection training in place that is role-specific, tailored and relevant to the tasks being completed. Staff should feel confident in handling people’s personal data safely and securely. It must be clear to staff what records they are allowed to access.
  • Appropriate technical measures are in place: Appropriate measures, such as passwords and access controls, should be in place to ensure personal information can only be seen by people who need to use it.
  • Staff are clear on the data breach reporting process: An organisation must report misuse of personal data to the ICO if there is a risk to people’s rights and freedoms, which is often the case with sensitive medical information. This must be reported within 72 hours of becoming aware of the breach. More information on breach reporting here.

Find out more here.

First Published: 24 April 2024
Updated On: 24 April 2024
Due to be Reviewed: 24 April 2026