Health Services: Data Protection

Department of Health and Social Care written question – answered at on 9 April 2024.

Alert me about debates like this

Photo of Baroness Manzoor Baroness Manzoor Conservative

To ask His Majesty's Government how many incidents of patient records or personal data being accessed without due cause have been recorded in the most recent year for which figures are available.

Photo of Lord Markham Lord Markham The Parliamentary Under-Secretary for Health and Social Care

Health and care organisations are required to submit data breach reports within 72 hours of an incident. Data breach incidents are reported to the Information Commissioners Office (ICO), who then investigate and decide what action to take. Notifiable breaches are those that are likely to result in a high risk to the rights and freedoms of the individual, referred to as the data subject. NHS England publishes the number of incidents reported through the Data Security and Protection Toolkit on its website. In 2023, 996 incidents were reported to the ICO, but not all of these would have involved patient details being accessed without due cause. The ICO publishes details on its website of incidents where it takes enforcement action.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.