A data protection breach at private healthcare firm Diagnostic Health may have left up to 10,000 NHS patients’ information at risk.
The ICO document is also said to show that the firm was aware it was breaching data protection guidelines from this time, but continued to add information to its database until July.
The Care Quality Commission (CQC) watchdog was the first to become aware of the problem, passing information on to Stafford and Surrounds CCG (clinical commissioning group) as it commissioned services from Diagnostic Health.
The CCG said it conducted an investigation that revealed “concerns of a serious nature” and so it referred the case to the ICO.
Problems that are said to have come to light in the organisation’s report include failure to report a stolen company laptop, shared company passwords, emails containing sensitive data sent directly to staff inboxes, and the lack of an audit trail of who accessed the system and when.
Diagnostic Health claimed that following the allegations, it voluntarily suspended its services – which include carrying out ultrasound scans for NHS organisations.
“We have worked transparently with our NHS commissioning client throughout the process and can confirm that they are satisfied with all steps taken moving forward,” claimed Jonathan Leonard, the firm’s founder, speaking to the UK press.
“As a result, our lead commissioner has confirmed that they are once again happy for us to resume providing services for their patients and others are in the process of agreeing the same,” he added.