Manx Care has been hit with an Enforcement Notice from the island’s Information Commissioner due to several data breaches.

The health service has failed to comply with GDPR regulations, resulting in a number of data breaches over the last six months.

In one case, ‘the unencrypted medical record of a patient was emailed to circa 2,200 email recipients’.

The report states that damage and distress to patients is likely due to a lack of appropriate technical and organisational measures to ensure security.

The enforcement notice gives Manx Care four months to comply with GDPR laws, including bringing in measures to ensure data sent in email attachments is secure.

The board was also given six weeks to inform the commissioner how it intends to put these measures in place, and a timeline for doing so.

Failure to comply with the enforcement notice could result in a fixed penalty, with a maximum fine of £1,000,000.

Isle of Man Today asked Manx Care for a comment regarding the notice.

In response, they said: ‘In view of enforcement action which relates to a period from April to December 2021, Manx Care and the Manx Care Board recognise significant work is necessary to remediate the information governance risks and challenges Manx Care currently faces, and we are committed to getting this right moving forward.

‘We can confirm that a programme of work has commenced, overseen by the Manx Board and in conjunction with Cabinet Office Transformation Programme, to make all of the necessary improvements identified within the external review undertaken by KPMG as part of the Transformation Programme.’