Breach of NHS Lothian colleague's medical records linked to staff member at Edinburgh Royal Hospital
A data breach understood to have affected more than 150 staff members at NHS Lothian has been traced to the Edinburgh Royal Hospital.
An investigation has been launched by Police Scotland after the medical records of more than 150 NHS Lothian staff members were “inappropriately accessed” by a colleague, the Scotsman reported.
After a delay in searching for a record of the incident, due to NHS Lothian being unable to provide certain details over fears of patient confidentiality, Police Scotland has confirmed that the breach was traced to a staff member at the Edinburgh Royal Hospital.
The time period in which medical records were accessed is unknown, but a spokesperson for Police Scotland confirmed that it was reported to officers in Edinburgh on Tuesday February 2.
Affected staff members were informed of the incident by letters sent out a few days later.
The issue was detected when NHS Lothian’s routine monitoring system picked up unusual activity showing that one staff member had viewed the medical records of other staff members outside of normal duties.
It is understood to have affected more than 150 NHS Lothian staff members, all of whom have been contacted to let them know.
Information which may have been accessed includes the dates of any appointments staff members attended as patients, waiting lists they were on, details of their medical conditions, and the date and location of any inpatient admissions and discharges.
A spokesperson for Police Scotland said: “Officers in Edinburgh received a report around 2.35pm on Tuesday 2, February, of data protection offences by a member NHS staff at the Royal Edinburgh Hospital.
“Enquiries into the incident are ongoing.”
Dr Tracey Gillies, Medical Director for NHS Lothian, said: “NHS Lothian has become aware that a member of staff may have inappropriately accessed staff records. We swiftly started an enquiry into this matter and as part of this investigation we are contacting anyone whose records have been accessed.
“NHS Lothian takes incidents like this extremely seriously and we have written to offer our sincere apologies to those affected. The breach was picked up by our Fair Warning system, which is an e-health monitoring system. Our robust monitoring identified this activity and it was reported to Police Scotland as soon as we became aware of the breach.”
A message from the Editor:
Thank you for reading this article. We're more reliant on your support than ever as the shift in consumer habits brought about by coronavirus impacts our advertisers.
If you haven't already, please consider supporting our trusted, fact-checked journalism by taking out a digital subscription.
Want to join the conversation? Please or to comment on this article.