BBC News reports that an organization has been fined in Ireland over privacy violations concerning patients’ medical records:
The Belfast Health Trust has been fined £225,000 after thousands of patient records were found abandoned in a disused hospital.
The Information Commission imposed the fine because the trust failed to secure confidential files at Belvoir Park Hospital, which closed in 2006.
Last year, the Irish News revealed that thieves entered the site, stole records and posted some on the internet.
The trust has apologised for the breach and said it has learned lessons. […]
Assistant Commissioner for Northern Ireland Ken MacDonald said it was the second highest fine since the Information Commission got new powers in 2010.
The breach involved the sensitive personal data of many thousands of patients and included medical records, X-rays, scans and laboratory results.
It also involved 15,000 staff records, including unopened pay-slips. […]
Belvoir Park Hospital in south Belfast was closed to patients in 2006 when a new cancer hospital was built at Belfast City Hospital.
Belfast Health Trust took over responsibility for the building in 2007 as part of a major trust reorganisation.
However, management failed to properly secure the building and the thousands of records inside it.
The disused site became home to many vandals who broke in and stole confidential data.
The thieves even posted some of the records on the internet, including X-rays and scans, in an attempt to sell the material.