12 May 2017
Lister Chelsea IVF Clinic Doctor-Patient Transcripts Data Breach
IVF couples were horrified to find transcripts of their confidential doctor-patient conversations leaked online.
The Lister Hospital, an IVF clinic in Chelsea, London, sent recordings of fertility appointments to a company in India for transcription without encrypting the audio. The Indian company returned transcripts for patients’ files on an unsecure internet server, allowing unauthorised users to access the server, steal the data and post it online.
The leak was discovered by an IVF patient whilst browsing the internet.
The Lister hospital was fined £200,000 by the Information Commissioner’s Office (ICO). Head of ICO enforcement, Steve Eckersley said: “These people were discussing intimate details about fertility and treatment options and certainly didn't expect this information to be placed online.
“The hospital had a duty to keep the information secure. Once information is online it can be accessed by anyone and could have caused even more distress to people who were already going through a difficult time.”
What Does The Law Say?
The Data Protection Act dictates that organisations that collect sensitive personal data must take ‘appropriate technical and organisational measures’ to ensure the data is not stolen.
The ICO found that the hospital failed to take ‘appropriate measures’ to safeguard patient data because they had no guarantee that the Indian company would store the data securely or delete it after the transcriptions were complete.
The ICO classified the breach as ‘serious’ due to how it could easily cause distress to patients concerned that their information may have been shared inappropriately - whether or not those concerns materialised.
What Should I do if I Think my Data May Have Been Stolen?
If you received treatment from the Lister Hospital IVF program between 2009 and 2015, or you have received a “Data Breach Notice” from Lister Hospital, you may be entitled to compensation for the distress caused by the breach. Visit the Lister IVF Data breach page on our site to sign up to the no obligation group to be kept informed of the on-going case.
Contact the specialist lawyers at Slater and Gordon today who are investigating this case by calling freephone 0800 916 9015 or contacting us online.
David Barda is a litigation executive, with expertise in litigation projects and their investigations. He works in the Slater and Gordon group litigation team in London.