An NHS Trust accidentally destroyed 10,000 archived records and failed to realise its mistake for three months, the information watchdog said today.
The Dartford and Gravesham NHS Trust records, which should have been kept in a dedicated storage area, were put in a disposal room due to a lack of space and then destroyed by mistake between December 28 and 31 last year, the Information Commissioner's Office said.
It is not known how many of the records contained the personal details of former patients, but some included names, addresses and a limited amount of medical information relating to the patients' previous treatment
But the trust said no clinical risks were posed to patients by the loss.
Sally Anne Poole, the ICO's acting head of enforcement, said: "Although the majority of information lost was several years old and only being kept for archiving purposes, there is no excuse for failing to keep it secure.
"The hospital should have ensured that the records were kept in a safe area - and, had they had adequate audit trails in place, they would have been able to keep track of where this information was at all times."
The trust has signed an undertaking to ensure its staff are made aware of data protection polices and procedures and that they receive suitable training on how to follow them, the ICO said.
Information Commissioner Christopher Graham warned in July that a culture change was needed within the health service to ensure patients' personal information was kept secure.
The security of the most sensitive personal data remains a "systemic problem" within the NHS, he said.
Policies and procedures to keep the information safe may already be in place, but they are not being followed by staff on the ground, he added.
In a separate incident involving Poole NHS Trust, two diaries containing details relating to the care of 240 midwifery patients were stolen from a nurse's car.
The diaries included patients' names, addresses and details of previous visits and were used by the nurse during out of hours calls.