The health minister has said his department is ‘disappointed’ with Manx Care’s data breaches.

This follows an apology from the island’s healthcare provider, which the Department of Health and Social Care operates, after an information governance review found that it had suffered patient data breaches.

Because it did not have sufficient resources to meet its ‘statutory compliance responsibilities’, it was fined £170,500 by the Information Commissioner last year.

Lawrie Hooper told the Isle of Man Examiner the department had been ‘assured’ by Manx Care that it has a plan in place to meet the standards expected and rectify the problems that caused this issue.

He said: ‘We will be working with them and the Information Commissioner to monitor the situation.

‘The Department, and Manx Care, take our responsibility for confidential personal data very seriously.

‘Information Governance is something that is measured through the mandate process, as we believe that transparency, protection and appropriate sharing of data is fundamental to delivering an efficient service which the public can have confidence in.’

Manx Care explained in a statement that it acknowledged the ‘significant failures’ outlined in the enforcement notice, which made for ‘uncomfortable reading’.

It added: ‘[We] would like to offer our sincere and unreserved apologies to those individuals whose data was breached through no fault of their own.

‘Regardless of the fact that this was neither malicious nor intentional, this will undoubtedly have caused distress to them, for which we are incredibly sorry.

‘This should not have happened.’

Since the breaches, Manx Care has invested in additional staffing to support a permanent information governance function, along with securing temporary resource and funding to support a continuous compliance and improvement programme.

The information governance issues that Manx Care has experienced date back to 2020, when an enforcement notice was issued to what was then the Department of Health and Social Care.

This transferred over to Manx Care when the organisation launched on April 1, 2021, with two subsequent enforcement notices being issued in August 2021 and February 2022 for further, repeat compliance failures.

During this period, the organisation had ‘incredibly limited dedicated Information governance or data protection resource in place’ to manage and mitigate its risks, and ensure the patient data it held was managed in a safe, secure and compliant way.

This was as a result of staff having been transferred into other roles as part of the island’s response to the Covid-19 pandemic.

Manx Care is ‘actively progressing’ a number of measures to mitigate further risk.

The health authority said: ‘[The organisation will then be able] to deal with data protection and information governance matters robustly, fully investigate and determine the root cause of any compliance issues, ensure appropriate steps are taken to mitigate any risk, and effect a culture change across the organisation.’