On 1 February, the Information Commissioner was given powers to force NHS authorities to be audited for compliance with the Data Protection Act. The Information Commissioner will be able to subject NHS foundation trusts, GP surgeries, NHS Trusts and Community Healthcare Councils, and their equivalent bodies in Scotland, Wales and Northern Ireland to a compulsory audit. The audit will be able to review areas including security of data, records management, staff training and data sharing. These compulsory audits have previously only applied to central government departments. The new legislation will not apply to any private companies providing services within public healthcare.

Information Commissioner’s press release