Basic fax blunder costs Staffordshire NHS Trust £55,000

A fax sent by mistake cost an NHS Trust in Staffordshire £55,000, after the Information Commissioner’s Office (ICO) levied a fine for the basic error.
The North Staffordshire Combined Healthcare NHS Trust sent sensitive medical details to a member of public via fax when a staff member entered the wrong number when trying to dial the Trust’s Wellbeing Centre department.
The issue came to light when the member of public alerted the Trust and returned the information. The details in the report included patients’ names, addresses, medical histories, and details of their physical and mental health.
An investigation by the ICO found that although the Trust had best practice guidelines that required staff to phone ahead to check numbers and ensure documents were received, staff had not been trained on these procedures.
“Let’s make no mistake, this breach was entirely avoidable. One phone call ahead to the trust’s Wellbeing Centre would have alerted its staff to the fact that the number they were entering was incorrect,” said ICO enforcement group manager, Sally Anne Poole.
“This would have stopped highly sensitive information about the care of vulnerable people being sent to a member of the public on three§ separate occasions.”
The chief executive of North Staffordshire Combined Healthcare NHS Trust, Fiona Myers, said it accepted the findings from the ICO and had established new procedures as a result.

“We have in place systems and policies to safeguard the information we hold which we have strengthened to reduce the risk of such a breach occurring as a result of human error,” she said.

“Moving forwards, to ensure all information is transmitted securely and that a similar incident could not occur, we no longer use fax machines to send patient identifiable information.”
Poole from the ICO added that the fine should serve as a warning to other organisations sending sensitive faxes. The ICO also published a guidance on fax use to try and help others avoid its wrath.

• Consider whether sending the information by a means other than fax is more appropriate
• Make sure you double check the fax number you are using
• Check that you are sending a fax to a recipient with adequate security measures in place
• If the fax is sensitive, ask the recipient to confirm that they are at the fax machine, they are ready to receive the document, and there is sufficient paper in the machine
• Ring up or email to make sure the whole document has been received safely
• Use a cover sheet. This will let anyone know who the information is for and whether it is confidential or sensitive, without them having to look at the contents