Manx Care has apologised after an information governance review found that it had patient data breaches.

As a result of Manx Care not having sufficient resources to meet its statutory compliance responsibilities, it was fined £170,500 from the Isle of Man Information Commissioner last year.

Manx Care said in a statement: ‘We acknowledge the significant failures outlined in the enforcement notice, which make for uncomfortable reading, and would like to offer our sincere and unreserved apologies to those individuals whose data was breached through no fault of their own.

‘Regardless of the fact that this was neither malicious nor intentional, this will undoubtedly have caused distress to them, for which we are incredibly sorry.

‘This should not have happened.

‘We would like to assure members of the public that steps are being taken to bring Manx Care’s standards of compliance into line with those expected of the organisation.’

Since the breaches, Manx Care has invested in additional staffing to support a permanent information governance function, along with securing temporary resource and funding to support a continuous compliance and improvement programme that addresses the findings and recommendations outlined within the KPMG review.

It added: ‘This enforcement has provided a stark and important warning to Manx Care about our current level of compliance with data protection legislation, and we hope that the public can be reassured around our future intent.’

The information governance issues that Manx Care has experienced date back to 2020 when an enforcement notice was issued to what was then the Department for Health and Social Care.

This transferred over to Manx Care when the organisation launched on April 1, 2021, with two subsequent enforcement notices being issued in August 2021 and February 2022 for further, repeat compliance failures.

During this period, the organisation had ‘incredibly limited dedicated Information Governance or Data Protection resource in place’ to manage and mitigate its risks, and ensure that the patient data it held was managed in a safe, secure and compliant way.

This was as a result of staff having been transferred into other roles as part of the island’s response to the Covid-19 pandemic.