'Small number' of NHS Lothian patients affected by staff medical records data breach
A “small number” of patients have been affected by the NHS Lothian data breach in which more than 150 staff members’ medical records were accessed by a colleague.
Police Scotland has launched an investigation into the incident after a staff member at the Royal Edinburgh Hospital viewed medical records outside of their normal duties.
It is understood that the breach primarily affected staff members, but a small number of non-staff patients’ records were also viewed.
One patient who had been admitted to the hospital said they were sent a letter by NHS Lothian to tell them their records had been accessed.
They added that the incident had taken a toll on their mental health following their admission to the hospital.
Information which may have been accessed includes the dates of any appointments attended, details of medical conditions, and the date and location of any inpatient admissions and discharges.
The issue was detected when NHS Lothian’s routine monitoring system picked up unusual activity showing that one staff member had viewed the medical records of other staff members outside of normal duties.
Dr Tracey Gillies, Medical Director for NHS Lothian, said: “We swiftly started an enquiry into this matter and as part of this investigation we are contacting anyone whose records have been accessed.
“NHS Lothian takes incidents like this extremely seriously and we have written to offer our sincere apologies to those affected.
"The breach was picked up by our Fair Warning system, which is an e-health monitoring system. Our robust monitoring identified this activity and it was reported to Police Scotland as soon as we became aware of the breach.”