Tough pill for NHS to swallow

Now, where did I put your blood test results?

The news that a NHS hospital is staring down the barrels of a massive £375,000 fine for ‘losing’ hard drives containing patients details has prompted a good deal of comment, and I’m sure will provoke a whole lot more.

The BBC report the story [here] saying the Trust will be challenging the level of the fine.

Experts in the field have been saying that it was only a matter of time before the Information Commissioner flexed his new powers and gave an organisation a good financial thrashing.

Some people are concerned that these fines, if they are eventually levied, shouldn’t be too onerous because they will take money away from patient care.

It is an argument, but not one that I agree with. Why not?

Firstly, organisations for too long have relegated DP and Information Governance concerns to the bottom of the pile, the responsibility of those “beardy people” in the computer basement. We know it’s much more important than that, and should be as integral to the good running of a hospital as making sure they have clean scalpels.

Secondly people are concerned that the money disappears from the public sector. It doesn’t, in fact it just gets recycled around via the Consolidation Fund back into the public purse, albeit the institution that is paying may suffer some short-term financial hardship.

Here is where my proposed amendment to the Act comes in. If the driver behind these fines is to make sure that hospitals and other organisations abide by good practice the fines should be levied on the executives NOT the organisation.

I say this from bitter experience of having the misfortune to deal with too many FoI officers who were shunted into the job and then given no support from their organisation.

When I started asking FoI questions and then appealing nonsense responses I would sometimes get a call from a beleaguered officer pleading with me not to drop my case. They were desperate for me to appeal to the ICO so that their executives would feel the commissioner’s hot breath on their necks.

I’m not saying this took place with my requests to this hospital trust, but there are organisations still out there that seem to have nothing but contempt for FoI and DP. What they need, and what those organisations’ FoI officers need is a nice big fine to land on the chief executive’s desk.

The BBC story quotes Duncan Selbie, the chief executive of the Brighton and Sussex University Hospital Trust as saying: “As soon as we were alerted to this, we informed the police and with their help we recovered all the hard drives.

“We are confident that there is a very low risk of any of the data from them having passed into the public domain.”

Some might say that Mr Selbie, who was paid £200,000 last year to run the Trust, would say that.

Here is my new policy. As well as fining the organisation the Information Commissioner should be able to rule that nobody working in the DP or FoI sections of that organisation is allowed to earn less than one-fifth of the Chief Executive. That, I think, would concentrate minds.