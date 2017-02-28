A private hospital group has been fined £20,000 after details of confidential conversations involving IVF patients were found online.

Since 2009, the Lister Hospital in London, part of HCA International, has been sending unencrypted records of conversations between doctors and patients by email to a company in India.

Details from these conversations were then transcribed in India before being sent back to the hospital.

But in April 2015, a Lister patient found that transcripts could be freely accessed by searching online.

Further investigation by the Information Commissioner's Office (ICO) found that the Indian company used an unsecure server to store audio files and transcripts.

The ICO has fined HCA International for failing to keep personal information secure, including by its Indian contractor.

It said HCA International had breached the Data Protection Act 1998.

Head of ICO enforcement Steve Eckersley said: "The reputation of the medical profession is built on trust. HCA International has not only broken the law, it has betrayed the trust of its patients.

"These people were discussing intimate details about fertility and treatment options and certainly didn't expect this information to be placed online.

"The hospital had a duty to keep the information secure. Once information is online it can be accessed by anyone and could have caused even more distress to people who were already going through a difficult time."

"What makes this case even worse is that we know the company is aware of its data protection obligations and already has appropriate safeguards in place in other areas of its business.

"The situation could have been avoided entirely if HCA International had taken the time to check up on the methods used by the contract company."

The Lister Fertility Clinic said the complaint referred to outpatient letters.

A spokesman said: "We take the protection of our patients' confidential and sensitive information extremely seriously. However, on this occasion we fell short of the both the standards of the ICO and the high standards we set for ourselves.

"We have apologised to the seven patients affected for the distress this may have caused and we no longer work with the company involved.

"The Lister Fertility Clinic has put in place more rigorous checks and measures to ensure the safety of our patients' information."