Aneurin Bevan Health Board has become the first NHS body to receive a fine for breaching the Data Protection Act, after it released sensitive personal data to the wrong person.

The breach appears to have occurred due to poor communication between the doctor concerned and his secretary, when she was asked to send a letter without being provided with sufficient information to correctly identify the patient to whom it related. This resulted in information being sent out to a patient with a very similar name to the individual for whom the data was intended.

The investigation carried out found that neither of the two individuals concerned had received training in data protection issues. The health board’s checks to ensure that sensitive data was not released to the wrong individual were also found to be insufficient. The NHS body in question is now implementing training on data issues and has committed to addressing the Information Commissioner’s Office’s concerns, following the £70,000 fine it received, arising from the breach.

We, at Penningtons, know that all too frequently communication errors lead to serious repercussions in a clinical environment; these errors appear to exist in the administrative handling of patients, as well as in their day to day care. Given the significant amount of sensitive data held by NHS bodies regarding the patients in their care, it is crucial that there are adequate checks in place to ensure that data is not released in error, or else these problems could become commonplace.