Digital Health Legal
Back to Contents

Volume: 4 Issue: 3
(March 2017)

ico hands down fine healthcare facility over data security flaws uk information commissioners office (‘ico announced 28 february 2017

UK India

Share This Page

ICO hands down fine to healthcare facility over data security flaws

The UK Information Commissioner’s Office (‘ICO’) announced, on 28 February 2017, that it has fined HCA International Ltd £200,000 for failing to keep fertility patients’ personal information secure when outsourcing to a sub-contractor.

According to an ICO investigation, the private healthcare facility had since 2009 been routinely sending unencrypted audio records of interviews between a doctor and various patients wishing to undertake fertility treatment by email to a company in India for transcribing. The ICO found the Indian company could not restrict access to the personal information because it stored audio files and transcripts on an unsecure server, making them freely accessible online.

Steve Eckersley, Head of Enforcement at the ICO, said in a press release, “The reputation of the medical profession is built on trust. HCA International has not only broken the law, it has betrayed the trust of its patients. These people were discussing intimate details about fertility and treatment options and certainly did not expect this information to be placed online. The hospital had a duty to keep the information secure. Once information is online it can be accessed by anyone and could have caused even more distress to people who were already going through a difficult time.”

Search Publication Archives

Our publication archives contain all of our articles.
Can’t find what you are looking for?
Try an Advanced Search

Log in to digital health legal
Subscribe to digital health legal
Register for a Free Trial to digital health legal
Sign up for e-mail alerts
digital health legal Pricing

Social Media

Follow digital health legal on TwitterView digital health legal LinkedIn Profiledigital health legal RSS Feed