South Tees NHS Trust Reprimanded for Data Breach

Overview: The Information Commissioner’s Office (ICO) has issued a reprimand to South Tees Hospitals NHS Foundation Trust following a data breach in November 2022.

Incident Details

In November 2022 a Trust employee mistakenly sent an appointment letter containing sensitive patient information to an unauthorized family member due to human error. The misdirected correspondence revealed confidential details, causing significant distress to the individuals involved.

ICO Investigation Findings

The ICO’s investigation confirmed the breach was the result of human error and identified that the Trust had not fully and appropriately prepared staff for dealing with particularly sensitive correspondence. No evidence of malicious intent was found, but the lapse highlighted deficiencies in training and procedural safeguards.

“This breach resulted in extremely sensitive information being passed to the wrong person. This was a serious, harmful incident that has understandably caused upset to the individuals involved and such an error must never be repeated.”

“This breach highlights how even seemingly minor errors can have very serious consequences. To other organisations handling similarly sensitive data, this shows just how important proper training and procedures are in preventing mistakes.”

Required Actions

Under data protection law, organisations must have appropriate technical and organisational safeguards to ensure personal data is kept secure and not inadvertently disclosed. To address the breach, South Tees Hospitals NHS Foundation Trust must:

• Implement robust standard operating procedures for handling all patient correspondence.
• Deliver comprehensive staff training focused on data protection and confidentiality.
• Conduct regular audits of data handling processes to minimise future risks.

By adopting these measures, the Trust can strengthen its data security framework, restore public trust, and protect patient confidentiality moving forward.