'Small number' of NHS Lothian patients affected by staff medical records data breach

Police Scotland has launched an investigation into the incident after a staff member at the Royal Edinburgh Hospital viewed medical records outside of their normal duties.

It is understood that the breach primarily affected staff members, but a small number of non-staff patients’ records were also viewed.

One patient who had been admitted to the hospital said they were sent a letter by NHS Lothian to tell them their records had been accessed.

They added that the incident had taken a toll on their mental health following their admission to the hospital.

Information which may have been accessed includes the dates of any appointments attended, details of medical conditions, and the date and location of any inpatient admissions and discharges.

The issue was detected when NHS Lothian’s routine monitoring system picked up unusual activity showing that one staff member had viewed the medical records of other staff members outside of normal duties.

Dr Tracey Gillies, Medical Director for NHS Lothian, said: “We swiftly started an enquiry into this matter and as part of this investigation we are contacting anyone whose records have been accessed.

“NHS Lothian takes incidents like this extremely seriously and we have written to offer our sincere apologies to those affected.

"The breach was picked up by our Fair Warning system, which is an e-health monitoring system. Our robust monitoring identified this activity and it was reported to Police Scotland as soon as we became aware of the breach.”

A message from the Editor:

Thank you for reading this article. We're more reliant on your support than ever as the shift in consumer habits brought about by coronavirus impacts our advertisers.

If you haven't already, please consider supporting our trusted, fact-checked journalism by taking out a digital subscription.