Eight hundred data breaches in Scotland over five years

05/01/2014 21:03

There have been more than 800 incidents of data loss by health boards in the last five years, figures have revealed.

They include patient notes being found in public places within NHS buildings, documents left in car parks and public transport, and personal information being sent to the wrong address.

Figures obtained by the Scottish Liberal Democrats through Freedom of Information requests show that there have been 806 incidents of data loss, leaks or Data Protection Act breaches in Scotland’s health boards between 2009 and 2013.

The number rose from 86 incidents in 2009 to 223 in 2013.

In one incident in NHS Greater Glasgow and Clyde in July 2013, a member of the public found a folder containing information for around 60 patients at a bus stop and handed it to a nearby hospital. The previous month, letters relating to a patient were found in hospital grounds.

In one incident at NHS Dumfries and Galloway in October 2011, X-rays were found in patient records which did not belong to them.

The Scottish Liberal Democrats have called on the Scottish government to ensure that NHS boards are given adequate support protecting confidential patient information.

The party’s Scottish health spokesman Jim Hume said: “NHS staff work extremely hard under an enormous amount of pressure but there must be a vigilant approach when it comes to protecting confidential patient information.

“The health secretary must ensure that NHS boards are given the support needed to learn lessons and prevent further breaches of patient confidentiality. We have no choice but to trust the people looking after our families to look after their personal details too.

“Whilst the year-on-year rise in incidents may be due to an increase in reporting, this should make health boards all the more aware of the scale of the problem.

“In one instance, a patient was given the pregnancy record of another patient.

“Our figures also show a number of important patient records and notes were lost. Some of those that were found had been left in public places where anyone could have read that private information.

“A mistake here or there might not seem much but the bigger picture is one of patient information being lost across Scotland. The health secretary must explain what he is doing to address this.”

The Scottish government said it is taking action to address the issue.

A spokeswoman said: “We take patient confidentiality and security of patient information very seriously and believe any data breach is unacceptable. All health boards are required to have robust procedures in place to secure patient information and staff should be given ongoing training in data protection.

“All mobile devices holding any patient data are now encrypted so, even if a laptop is stolen, patient information cannot be accessed; boards are installing a new tool to pinpoint staff who are accessing information they are not entitled to see; and health boards are rapidly moving from paper files to encrypted devices.

“In the interests of greater transparency and to make data breach statistics easier to interpret, the Scottish government plans to introduce a severity scale and national reporting mechanisms in line with recommendations made by Dame Fiona Caldicott. This should also lead to more clarity on data breaches and other security matters.”

Source: https://www.hsj.co.uk/news/eight-hundred-data-breaches-in-scotland-over-five-years/5066708.article#.UsmqqdIW3O5