New data protection legislation targets NHS

News by Ava Fedorov

Beginning this week, NHS authorities will be subject to audit by the ICO for compliance with the Data Protection Act, according to a statement issued by the Information Commissioner's Office.

As a result of a change in the law, public healthcare organisations will now be subject to compulsory ICO audit, a status previously applicable to central government departments only. Under section 41A of the Data Protection Act, NHS foundation trusts, GP surgeries, NHS Trusts and Community Healthcare Councils and their equivalents in Scotland, Wales and Northern Ireland will have their protected data analysed by the ICO.

In an email statement to, the ICO points out that it has “specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.” Fines to NHS organisations have already amounted to more than £1 million since the legislation has been in effect.
