As of 1 February 2015, the United Kingdom Information Commissioner's Office (“ICO”) has the right to subject public healthcare organizations to compulsory audits of their data protection compliance under Section 41A of the Data Protection Act 1998. The Secretary of State has expanded the scope of the ICO's compulsory audit rights to a wide group of National Health Service bodies all over the United Kingdom. This will enable the ICO to review how the National Health Service bodies handle their patients' personal information, data security measures, records management, staff training, data-sharing policies and procedures and internal cybersecurity governance.