Cookie policy notice

By continuing to use this site you agree to our cookies policy below:
Since 26 May 2011, the law now states that cookies on websites can ony be used with your specific consent. Cookies allow us to ensure that you enjoy the best browsing experience.

This site is intended for health professionals only

At the heart of general practice since 1960

GPs' details included in 500 confidential records lost by CQC

A number of GPs and practice managers who have undergone checks to become their practice’s CQC registered providers have had their confidential personal information lost by the regulator. 

In a serious incident report (SIR) released on Thursday, the CQC announced it had lost 500 ’disclosure and barring service (DBS)’ files - formerly known as CRB checks - which Pulse understands include those from primary medical services.

The files contain details of GPs and practice managers who have applied to be the practice’s CQC lead, including personal information such as their name, and date and place of birth, but also mental health information.

The CQC has written to GPs to apologise and notify them of the data breach, which occured during an office refurbishment.

It comes as the regulator announced earlier this month that practices could expect ‘strengthened’ inspections on their data security processes, as part of an overhaul of how the NHS manages sensitive information.

The CQC report says theft ‘cannot be ruled out’ but believes this is unlikely. However, it concludes the information could cause ‘harm and distress’ should it fall into ‘unscrupulous hands’.

The report highlights that the files were lost when a cabinet was accidentally tagged for removal partly due to a lack of on-site supervision by CQC staff.

CQC chief executive David Behan wrote to affected individuals earlier this week to notify them of the breach, and an independent review of the CQC’s security arrangements has been launched.

A statement on the CQC website says: ‘During a planned refurbishment of its office in Newcastle earlier this month, it appears that a locked filing cabinet containing up to 500 DBS certificates was wrongly marked for removal and destruction.

The SIR report concludes: ‘The root cause of the loss of these documents was the last minute verbal changes to the requirements for the contractors made on 7 July, the lack of adherence to the documented plan and a misunderstanding between CQC staff and the primary contractor team.

‘Should the information contained in the missing folders fall into unscrupulous hands then is has the potential to cause further harm and distress to the individual data subjects.’

There are 38,000 CQC registered managers in England, the majority of whom operate adult social care homes, and they are responsible for ensuring their provider meets CQC standards.

The CQC requests copies of DBS certificates as part of its registration checks. The recent breach relates to applications between July 2015 and March 2016 – an online system was launched in April 2016 which removes the need for paper copies.

Mr Behan said:I would like to apologise to the individuals whose DBS certificates have been lost during the recent refurbishment of our office in Newcastle and for any distress this may cause. I deeply regret that this has happened.’

 

Readers' comments (27)

  • Everyone let bygones be bygones

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    The fine line between politically correct bureacracy and dangerously flawed hipocrisy.
    One would wonder all these people working for the organisation actually still believe what they are doing and saying everyday is so righteous......

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    Just had a telephone interview 2 days ago to apply for being the registered manager of my practice('sadly' I am the only one senior enough in the practice). I should be so lucky......

    Unsuitable or offensive? Report this comment

  • This comment has been removed by the moderator.

    Unsuitable or offensive? Report this comment

  • Dear All,
    The article says nothing about their reporting themselves to the Information Commissioner. Have they?
    GP and registered manager.

    Unsuitable or offensive? Report this comment

  • Has a magistrate been contacted to ensure the appropriate emergency closure of the organisation?

    Unsuitable or offensive? Report this comment

  • Pride and Fall? Hubris and Nemesis?

    Unsuitable or offensive? Report this comment

  • Will the CQC be informing the relevant managers/GPs and compensating them? Or, and I fear this is more the CQCs style, charging a fee to find out if you are on of the 500...

    Unsuitable or offensive? Report this comment

  • i think this should be reported as inadequate as they obviously do not have the right policies in place when moving offices, this is not acceptable

    Unsuitable or offensive? Report this comment

  • Dear CQC, Dont throw stones in glass houses....

    Unsuitable or offensive? Report this comment

View results 10 results per page20 results per page50 results per page

Have your say

IMPORTANT: On Wednesday 7 December 2016, we implemented a new log in system, and if you have not updated your details you may experience difficulties logging in. Update your details here. Only GMC-registered doctors are able to comment on this site.