Tough pill for NHS to swallowPosted on January 12th, 2012 2 comments
The news that a NHS hospital is staring down the barrels of a massive £375,000 fine for ‘losing’ hard drives containing patients details has prompted a good deal of comment, and I’m sure will provoke a whole lot more.
The BBC report the story [here] saying the Trust will be challenging the level of the fine.
Experts in the field have been saying that it was only a matter of time before the Information Commissioner flexed his new powers and gave an organisation a good financial thrashing.
Some people are concerned that these fines, if they are eventually levied, shouldn’t be too onerous because they will take money away from patient care.
It is an argument, but not one that I agree with. Why not?
Firstly, organisations for too long have relegated DP and Information Governance concerns to the bottom of the pile, the responsibility of those “beardy people” in the computer basement. We know it’s much more important than that, and should be as integral to the good running of a hospital as making sure they have clean scalpels.
Secondly people are concerned that the money disappears from the public sector. It doesn’t, in fact it just gets recycled around via the Consolidation Fund back into the public purse, albeit the institution that is paying may suffer some short-term financial hardship.
Here is where my proposed amendment to the Act comes in. If the driver behind these fines is to make sure that hospitals and other organisations abide by good practice the fines should be levied on the executives NOT the organisation.
I say this from bitter experience of having the misfortune to deal with too many FoI officers who were shunted into the job and then given no support from their organisation.
When I started asking FoI questions and then appealing nonsense responses I would sometimes get a call from a beleaguered officer pleading with me not to drop my case. They were desperate for me to appeal to the ICO so that their executives would feel the commissioner’s hot breath on their necks.
I’m not saying this took place with my requests to this hospital trust, but there are organisations still out there that seem to have nothing but contempt for FoI and DP. What they need, and what those organisations’ FoI officers need is a nice big fine to land on the chief executive’s desk.
The BBC story quotes Duncan Selbie, the chief executive of the Brighton and Sussex University Hospital Trust as saying: “As soon as we were alerted to this, we informed the police and with their help we recovered all the hard drives.
“We are confident that there is a very low risk of any of the data from them having passed into the public domain.”
Some might say that Mr Selbie, who was paid £200,000 last year to run the Trust, would say that.
Here is my new policy. As well as fining the organisation the Information Commissioner should be able to rule that nobody working in the DP or FoI sections of that organisation is allowed to earn less than one-fifth of the Chief Executive. That, I think, would concentrate minds.
2 responses to “Tough pill for NHS to swallow”
We only have media reports to go on with the Brighton story until we get the outcome of the monetary penalties case. However, the BBC reports say that some of the drives ended up on eBay. So it might be a “very low risk” in the Chief Executive’s view, but that doesn’t sound a risk that many people would want their data to be subjected to.
This is what the trust said about the incident in its Annual Report:
There was one incident involving data that required disclosure further to the Department of Health’s information governance assurance requirements. The incident, which involved the theft of computer hardware by an individual, is currently the subject of a criminal investigation. The Trust and NHS Counter Fraud are assisting this process. In the meantime, the Trust has provided an undertaking to the Information Commissioner that it is taking all appropriate steps to mitigate the risk of such an act occurring in the future.
But I agree flogging them off on eBay, if true, does not in my opinion qualify for ‘low risk’.
Leave a reply