GP practices and/or CCGs could be liable for breaches of the Data Protection Act, the Medical Defence Union (MDU) has warned.
Speaking at the Commissioning Live event in Leeds, Dr Caroline Fryar mentioned a recent example that saw a London community health team fined £90,000 for sending 45 faxes about palliative care treatment to the wrong number.
GP practices and/or CCGs could be liable for breaches of the Data Protection Act, the Medical Defence Union (MDU) has warned.
Speaking at the Commissioning Live event in Leeds, Dr Caroline Fryar mentioned a recent example that saw a London community health team fined £90,000 for sending 45 faxes about palliative care treatment to the wrong number.
The medicolegal advisor said if data is lost or sent to the wrong place the organisation will be in breach of the Data Protection Act.
“In April 2010 there was a £60,000 fine against a large practice for sending two letters to the wrong address,” Dr Fryar said.
The address was five years out of date as the staff had failed to align their data with the NHS spine and the letters contained “highly sensitive” information.
She said: “These things will happen in general practice and it's likely that you will be vulnerable.”
Dr Fryar asked the GPs and CCG leads in her seminar what they would do if a provider asked for a list of patients in order to contact them about a health check.
“Are you simply going to say yes, great, send out names and addresses for them to do what they like with it?
“You should stop and consider what you're being asked for, and be careful,” MDU’s Dr Fryar warned.
Even names and addresses are considered identifiable information, Dr Fryar said.
