The Information Commissioner's Office (ICO) has fined St George's Healthcare NHS Trust 60,000 for sending a patient's medical details to the wrong person.
The Trust sent out two letters in May 2011 to the patient's former address, despite having the person's up to date contact details already on file.
The patient's correct address had been logged on the national care records service, NHS Spine, in June 2006.
Stephen Eckersley, the ICO's head of enforcement, said the breach was "clearly preventable".
"This is the fourth monetary penalty we have issued to the NHS in the past two months," he said.
"It is vital that these organisations make sure they have the necessary measures in place to keep patients' details secure."
In a statement to IT Pro, a Trust spokesperson said the breach had been reported to the ICO as soon as it was discovered.
"We launched an immediate investigation and have introduced a number of measures to prevent similar incidents in the future, including clearer documentation and additional training for staff," said the statement.
"We have also made improvements to our information systems to ensure that staff always have access to the most up to date patient contact details."
