The NMC has responded to FOI requests to report that it spends £25 million a year on staff salaries. A tiny proportion of this covers the cost of a handful of relatively junior staff (out of its workforce of over 660) who have the vital job of checking the validity of overseas nurses’ certificates, i.e. whether the stamp on the certificate looks authentic. This is a somewhat anaemic approach, considering that the police have stated concern about the authenticity of ‘stamps’ from the Philippines (see previous articles).
This is a cause of great concern to many, and it raises a general question – how competent is the NMC in the other areas for which it has responsibility?
Take, for example, the fact that the NMC was fined £150,000 by the Information Commissioner’s Office (ICO) in 2013 for breaching the Data Protection Act: three DVDs containing confidential information about two children went missing during the process of a nurse’s misconduct hearing, with an ICO investigation discovering that the data wasn’t encrypted.
“The Nursing and Midwifery Council’s underlying failure to ensure these discs were encrypted placed sensitive personal information at unnecessary risk,” said David Smith, deputy commissioner and director of data protection, criticising the council’s handling of the matter. “No policy appeared to exist on how the discs should be handled, and so no thought was given as to whether they should be encrypted before being couriered. Had that simple step been taken, the information would have remained secure and we would not have had to issue this penalty.” …
“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again,” said Smith, who continued: “I would urge organisations to take the time today to check their policy on how personal information is handled. Is the policy robust? And is it being followed in every case?”
“If the answer to any of those questions is no, then the organisation risks a data breach that damages public trust and a possible weighty monetary penalty,” he said. “While the Nursing and Midwifery Council breach only affected a relatively small number of individuals, it nevertheless resulted in confidential personal information being compromised.”
The ICO announcement of the fine was accompanied by a guide.
This data breach, which certainly damaged my trust in the NMC, followed on the heels of its reply to a FOI request in 2012: Does the NMC require nurses and midwives to always abide by the Data Protection Act?
Would you, as nurses, who pay the salaries of NMC employees, and you, as a member of the public, expect a reply that was clear and precise in the affirmative? Oh, my dear and innocent ones, not so! The reply:
‘Although specifically this question doesn’t fall under the remit of an FOI request as we don’t hold any recorded information about this, I can tell you that it is the Information Commissioner’s responsibility to administer the workings and any failure to abide by the Data Protection Act, not the NMC. However this question is related to your second question about patient confidentiality, and therefore please see my response below. I refer you to “The code: Standards of conduct, performance and ethics for nurses and midwives”, which lists the standards that nurses and midwives must adhere to and which includes information about patient confidentiality.’
We don’t hold any recorded information about this!!!
Dear Nursing and Midwifery Council,
What proportion of your great army of staff are involved in ensuring strict adherence to data protection issues?
Are these staff thoroughly versed in the practices outlined in the ICO guide you received?
Have there been any other serious breaches of the Data Protection Act by the NMC since 2013?
Are your policies robust? Are they followed in every case?
If you become aware of a serious breach of the Data Protection Act by the NMC will you immediately report this to the ICO?
The answer to this, of course, is that it would be necessary to do so, for your code – ‘Standards of conduct, performance and ethics for nurses and midwives’, which lists the standards that nurses and midwives must adhere to and which includes information about patient confidentiality – clearly points to openness and honesty in reporting Data Protection Act misdemeanours. Certainly, a nurse would invite a fitness to practise hearing if suspected of such a misdemeanour, and what is sauce for the (nurse) goose is surely sauce for the (NMC) gander?
If you are ever guilty again of a serious breach of the Data Protection Act, and are forced to pay a massive fine (£500,000 + ?), will you write to apologise to all nurses who pay your salaries out of their registration fee? Will you pay any fine by a contrite NMC hierarchy taking a 10% cut in salary until such a fine is paid?
Do you expect all nurses to report the NMC to the ICO if they suspect the NMC of breaching the Data Protection Act?
Please reply to my questions, which I ask on behalf of a growing number of very concerned nurses, who trust and pray you are not as incompetent as they fear.
lenin nightingale 2015