Volume: 4 Issue: 3
The UK Information Commissioner’s Office (‘ICO’) announced, on 28 February 2017, that it had fined HCA International Ltd £200,000 for failing to keep fertility patients’ personal information secure when outsourcing to a sub-contractor.
According to an ICO investigation, the private healthcare facility had, since 2009, routinely emailed unencrypted audio recordings of interviews between a doctor and various patients wishing to undertake fertility treatment to a company in India for transcription. The ICO found that the Indian company could not restrict access to the personal information because it stored the audio files and transcripts on an unsecured server, making them freely accessible online.
Steve Eckersley, Head of Enforcement at the ICO, said in a press release, “The reputation of the medical profession is built on trust. HCA International has not only broken the law, it has betrayed the trust of its patients. These people were discussing intimate details about fertility and treatment options and certainly did not expect this information to be placed online. The hospital had a duty to keep the information secure. Once information is online it can be accessed by anyone and could have caused even more distress to people who were already going through a difficult time.”