Shropshire Star

Patients' data released in Oswestry orthopaedic hospital breach

Some patients at a hospital in Shropshire have had their personal information released without their permission, it was revealed today.

Published
Last updated
The Robert Jones and Agnes Hunt Orthopaedic Hospital

The trust running Oswestry’s orthopaedic hospital has reported a data breach involving patients who were involved in a long-standing study.

An investigation has been launched after Robert Jones and Agnes Hunt Orthopaedic Hospital NHS Foundation Trust reported the breach to the Information Commissioner’s Office.

The breach was revealed in a report to Shropshire Clinical Commissioning Group’s governance board.

Hospital bosses said today the trust takes the protection of data very seriously.

It is understood that the data breach related to some patients who were involved in a long-standing study. Their data may have been released without their permission.

It is not yet known how many patients were affected by the breach, but RJAH says it is contacting those involved to explain what has happened and to apologise.

The report to Shropshire CCG’s board said: “The trust has reported a confidential information leak/information governance breach to the CCG. A full root cause investigation is in progress.”

Dr Simon Freeman, accountable officer for Shropshire CCG, said RJAH has taken “appropriate action” and reported the breach to the Information Commissioner’s Office.

He said: “The findings will be reported back to the CCG board in due course.”

Mark Brandreth, chief executive of RJAH

Mark Brandreth, chief executive of RJAH, said: “We take the protection of patient data very seriously and a full investigation into this incident is under way.

"At present we understand from our initial scoping that a limited amount of data relating to some patients in a long-standing study may be involved.

“We are still in the process of establishing precisely what data has been affected by this incident.

"We will be contacting affected patients to explain what has happened and apologise.

“It would be inappropriate for us to comment further until this has taken place.”

The Data Protection Act is enforced by the Information Commissioner’s Office, which can impose fines for breached organisations.

The act is designed to protect individuals against misuse or abuse of information about them.