Feeds

ICO slaps NHSBT for wrong organ donor data

Ten years, thousands of cockups

Choosing a cloud hosting partner with confidence

The Information Commissioner's Office has reprimanded NHS Blood and Transplant for wrongly recording organ donation preferences over a decade.

The ICO said that in March 2010 NHSBT, which manages the Organ Donation Register (ODR), found irregularities between donation preferences stated on Driver and Vehicle Licensing Agency (DVLA) application forms and the data recorded on the register.

Further investigation showed that there was an ODR software error dating back to 1999, which affected the recording of specific organ preferences from the DVLA. Once the error was discovered, NHSBT halted use of DVLA data files and an independent investigation was commissioned by NHSBT, carried out by Professor Sir Gordon Duff. It informed the ICO and the public in April 2010.

In October last year, Duff's review said that the donations of 25 people had been affected by the error. He concluded that the error had been avoidable if systematic data verification procedures had been in place in 1999. Duff explained in his report that the fault was able to go undetected for so long because for many years the ODR was not consulted as part of the process of establishing consent for organ transplantation.

"Until consultation with the ODR started to become more routine it appears not to have been seen as a business critical system and consequently it seems that resources and scrutiny were concentrated on other priorities," he said.

In a written ministerial statement, published last October, health secretary Andrew Lansley said he was happy with Duff's independent review and the recommendations he offered.

The information watchdog acknowledged that the vast majority of the data during the error period was accurate, and that a number of patients were contacted directly in order to ensure that their original preferences were accurate.

NHSBT has now signed an undertaking, which commits the organisation to being "more robust in checking information is accurate".

Mick Gorrill, head of enforcement at the ICO, said: "The decision to donate an organ is a significant one and it is important that the preferences of the donors are recorded accurately. In this case errors were made in the recording of the donor's wishes.

"I welcome the NHSBT's commitment to correcting the inaccurate data and their willingness to make sure this type of incident does not happen again by introducing a variety of new security measures."

NHSBT will also continue to write to all new registered entrants to give them a chance to report any errors, as well as inviting an external organisation with experience of running large databases to conduct a review of its proposed new control systems.

This article was originally published at Kable.

Kable's GC weekly is a free email newsletter covering the latest news and analysis of public sector technology. To register click here.

Beginner's guide to SSL certificates

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
YARR! Pirates walk the plank: DMCA magnets sink in Google results
Spaffing copyrighted stuff over the web? No search ranking for you
In the next four weeks, 100 people will decide the future of the web
While America tucks into Thanksgiving turkey, the world will be taking over the net
Microsoft EU warns: If you have ties to the US, Feds can get your data
European corps can't afford to get complacent while American Big Biz battles Uncle Sam
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.