NHS Trust fined £90,000 for serious data breach

A recent news story has highlighted how a Central London Community Healthcare (CLCH) NHS Trust has been fined £90,000 after a serious breach of the Data Protection Act.

The breach occurred in March 2011, following on from patient lists being faxed to the wrong recipient, around 45 faxes over a three month period. The lists had contained sensitive personal data relating to 59 individuals.

An investigation from the ICO into the data breach found that neither member of staff involved with the breach had received data protection training and that the organisation did not have adequate checks in place when sending information.

The handling of public data has been a popular news topic recently with various government officials being penalised for not providing the necessary care in handling such information. But surely all organisations handling such data should be putting vigorous processes and robust systems in place to manage all corporate information, especially that of a sensitive nature, if not because of the media furore that ensues after a breach is found then certainly for operational reasons?

Through the use – and regular review – of such processes and systems, fines such as those imposed by the ICO can be avoided.

This case has highlighted that organisations are not only failing to protect their clients’ or patients’ data, but are also failing to protect themselves when it comes to the data which they handle and the systems which support them.

By not having a reliable system in place – both in terms of IT infrastructure and internal practises – organisations are letting down their clients, customers and indeed anyone whose information that they hold, and ultimately undermining their own long-term stability. 

Business Process Management – Not just for the enterprise

A recent study has been carried out by IBM on attitudes to business process management (BPM). The survey, conducted by YouGov, spoke to 650 senior business decision makers from small, medium and large UK firms. One of the most significant findings was the difference in attitudes to BPM between small and large firms. The survey found, perhaps unsurprisingly, that the larger the business, the more likely they were to have plans in place to update their business processes in the next two to three years – demonstrated by 70% of those businesses with 250+ employees having BPM plans in place, compared with only 31% of those with less than 50 employees.

BPM is centred on making processes efficient and flexible in response to the company’s expansion. The implementation of faster and more effective business processes aligns all aspects of the company and, as such, usually results in improved client services. 85% of the senior business decision makers identified ‘line of sight’, ‘visibility into work occurring across your organisation’ and ‘clear understanding into how your business is performing’ as key to a business’s success. However, despite the majority believing this, very few SMEs practise what they preach as they are under the impression that they cannot afford to implement systems that aid in BPM.

Document management systems however are one means by which to create a transparent, streamlined business – a major pre-requisite for effective BPM. By consolidating all documents electronically into one central system, employees are able to access client information that would otherwise be difficult to lay hands on, and therefore deal with any queries directly. Time spent on manual processes is dramatically reduced with companies often seeing a return on their investment after the first year – challenging the wide belief that BPM solutions are only affordable to the enterprise and demonstrating real value for companies of all sizes.