ICO hits NHS board with £70,000 fine
First penalty to be issued against an NHS organisation.
The Information Commissioner's Office (ICO) has issued its first monetary penalty against an NHS organisation, which sent sensitive patient details to the wrong person.
The Aneurin Bevan Health Board (ABHB) in Wales has been ordered to cough up £70,000 for the mistake, which is understood to have taken place in March 2011.
The NHS holds extremely sensitive information. The damage and distress caused by the loss of a patient's medical record is obvious.
In a statement, the ICO said the data breach had been blamed on a consultant who had provided insufficient details about a patient, which resulted in them being incorrectly identified.
As a result, a report into the patient's health was sent out to a patient with a similar name.
Following an investigation by the ICO, it was concluded the consultant had received insufficient training about data protection and that inadequate checks were in place to safeguard patients' personal information.
Stephen Eckersley, head of enforcement at the ICO, said, as well as a financial penalty, ABHB had also signed an undertaking to address the data protection watchdog's concerns.
"Aneurin Bevan Health Board failed to have suitable checks in place to keep the sensitive information they handled secure," he said.
"This case could have been extremely distressing to the individual and their family and may have been prevented if the information had been checked prior to it being sent."
As part of ABHB's undertaking, all staff will be trained in and made aware of its policies on data protection.
New checks will also be introduced to tighten up patient identification procedures, and regular monitoring of its data protection policies will take place.
News of the fine comes less than a year after the ICO rapped the NHS for not making enough of an effort to safeguard patients' data.