Baroness Byford – 2014 Parliamentary Question to the Department of Health

The below Parliamentary question was asked by Baroness Byford on 2014-05-07.

To ask Her Majesty’s Government whether persons whose National Health Service data has been compromised are informed of that fact; and, if so, what remedy or compensation is available to them.

Earl Howe

National Health Service organisations are individually responsible for managing incidents where patient data has been compromised. Guidance provided by the Health and Social Care Information Centre is that data subjects should be informed when personal data about them has been lost or inappropriately placed in the public domain, unless the cost of doing so would be prohibitive or the risk to those concerned is judged to be minimal. Where there is any risk of identity theft it is strongly recommended that this is done.

There are no central guidelines on remedies or compensation. Individuals whose data has been compromised may make a complaint through local NHS complaints procedures or if they believe that an incident resulted from a breach of data protection requirements they may report this to the Information Commissioner. In some circumstances individuals might seek redress through the Civil Courts.