Chris Lancelot: GP fine for data breaches is harsher than for managers

That was quick! Last month I pointed out that some PCT managers behave as though the rules of medical confidentiality don't apply to them.

The very next day came news that the Information Commissioner's Office (ICO) had fined Torbay Care Trust, in Devon, £175,000 for posting personal details of 1,300 of its staff on its website for 19 weeks. This information included employees' name, date of birth, religion, sexual orientation, pay scale and National Insurance number.

My first response was, 'Great – that'll teach 'em.' But the more I thought about the situation, the more questions it raised.

Why did no one at Torbay consider the possibility of blackmail or identity theft (which would apply whether the database was published inside or outside the PCT)? Sensitive personal information like this should be kept utterly confidential, and in the case of equality data, should only be published in aggregated form. No wonder the ICO handed out such a large fine.

Believe it or not, this is the fifth time since April that an NHS trust has been fined by the ICO over confidentiality issues. Five times - in organisations for which confidentiality should be a fundamental principle.

Has anyone in these trusts been sacked? Have there been any resignations? If my experience of NHS management foul-ups is anything to go by, those responsible might get a ticking off, but they won't be fined or lose their jobs, though just occasionally someone might get moved sideways.

Who will pay the fines? Not the managers, I suspect. The money will come from the funds of the trusts themselves, so Torbay's patients have presumably had to forfeit £175,000 worth of treatment through no fault of their own. That's a lot of therapy they won't be able to access.

By contrast, had the offender been a GP practice, the fine would have been paid from practice profits. In addition, the medical partners would have risked an appearance before the GMC, with the possibility of being suspended or even struck off.

I can't help feeling that this is totally unfair. When GPs foul up, they have to take the rap personally. When managers make a mistake, the patients are penalised. Something wrong here, surely?

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins


Already registered?

Sign in

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus