The news comes despite a number of fines issued by the data watchdog in this area, including Brighton and Sussex University Hospitals receiving a penalty in 2012 after IT equipment with patient data on it showed up on online auction sites.
Even so, it seems a number of Trusts still do not comply with ICO safety guidelines and lack measures to prevent security breaches related to IT disposal.
The FOI request received responses from 151 NHS bodies, of which 25% lack a policy for IT asset disposal. In addition, 27% did not have a contract with a disposal partner and 37% said partners had not been audited.
All of the above breach ICO requirements.
“Two of the largest fines from the ICO have been levied against NHS trusts as a result of data breaches from asset disposal,” said Mellings, speaking to a UK channel publication.
“The ICO has fired two clear messages to this sector to get its house in order,” he added.
Mellings went on to say that ADISA helped the ICO write up the guidelines as the very minimum for companies to work towards. He called it “disappointing” that the NHS was not fully complying.