From April 6, GPs can face top fines of £500,000 for serious data breaches.
The government has handed the Information Commissioner new powers to impose heavy fines, known as civil monetary penalties, in amendments to the Data Protection Act 1998.
Until now practices that lost patient data only faced limited sanctions from the Information Commissioner such as an enforcement notice or a criminal prosecution in limited circumstances.
But Dr Nick Clements, the Medical Protection Society's head of medical services in Leeds, said it was ‘highly unlikely' that practice breaches would attract the maximum fine.
‘Since most GP practices are small compared with a hospital trust, we would hope that any penalty would fall towards the lower end of the spectrum.'
The fines are not covered by insurance.
‘It is important for practices to have robust systems in place to ensure the appropriate management of data,' Dr Clements said.
Practice data reviews should cover responsibility for confidentiality, data protection and security, training and keeping track of laptops and memory sticks, the MPS cautions.