The UK's Information Commissioner's Office has imposed a fine of £225,000 on Ireland's Belfast Health and Social Care Trust (BHSCT) for failing to destroy thousands of documents containing personal data on patients and staff, including medical records, x-rays, scans, lab results, and staff payslips.
"The BHSCT merged with six local Trusts in April 2007 and, in turn, took over the management of more than 50 disused sites," writes IT PRO's Caroline Donnelly. "One of these sites, Belvoir Park Hospital, was accessed by trespassers in March 2010, who took photos of patient records to post online."
"The Trust arranged for an inspection of some of the buildings, but parts of the site were cordoned off due to asbestos concerns and a lot of the records had been damaged by damp and mould," writes The Register's Brid-Aine Parnell. "The Trust upped security and fixed damaged doors and windows, but the Irish News reported in April last year that it was still possible to get onto the site."
"The trust has now removed patient records from the site and examined them and either retained or securely disposed of them as required," writes SC Magazine's Dan Raywood. "A decommissioning policy has also been implemented by the trust to ensure that personal information is securely destroyed once it is no longer needed."