Health staff in trouble for data breach

The health service has taken steps to better protect patient data
The health service has taken steps to better protect patient data
Have your say

DOZENS of health staff in the Lothians have been disciplined for breaching confidentiality rules over patient records.

One was sacked and received a criminal caution, a second was suspended, and others were given final warnings.

The figures were released in a report compiled by civil liberties campaign group Big Brother Watch as a result of freedom of information requests to health boards around the country.

They show that a total of 47 people were disciplined for privacy breaches during the three years to July 2011. The list included one staff member who received a criminal caution for passing information about a patient to a third party.

Another was suspended for looking up a patient’s personal information for their own interest, while 34 were given first and final warnings, and 11 were “counselled”.

According to the newly released data, 16 people accessed information relating to one of their family members, nine looked at other patients’ personal information for their own interest, and seven accessed their own records.

Three people had looked at information on their colleagues, one had looked at her husband’s record, and another had looked at their own child’s information.

However, unlike some other parts of the country, NHS Lothian had no cases of staff being disciplined for posting patient information on social networking sites.

One member of staff at Nottingham University Hospital was dismissed for putting a picture of a patient on Facebook, while others around the UK made comments about patients on the site.

Big Brother’s research director Maria Fort said: “NHS Lothian has been forthcoming in their response to our FOI request for breaches of data protection, and we’re pleased to see such transparency with regards to incident reporting.

“It is extremely important that, where breaches of data protection have taken place, NHS boards have clear policies established to respond to and prevent further incidents. Every breach should be taken seriously, and we hope that NHS Lothian has responded to each one in such a manner.”

The health board’s Alan Boyter, director of human resources and organisational development, said: “NHS Lothian takes patient confidentiality very seriously and that is why in 2009 we became the first health board in Scotland to introduce the Fair Warning system to pro-actively improve safety and security.

“The system, which is being rolled out to other boards, means we are continually monitoring the information held in our files and identifying any possible unauthorised or inappropriate access to patient data.

“It’s important to note that this system picks up potential breaches, as well as actual breaches, and we investigate each case to establish whether there has been inappropriate access of data.

“We have also reinforced the message to staff to ensure they comply with our data security guidelines.”