Dozens of Covid-19 test results sent to Scottish business in error

A health board sent coronavirus test results and other personal information on more than 50 patients to a business by mistake.
By PA Reporter
Published 1st Jun 2020, 12:27 BST
Updated 1st Jun 2020, 12:27 BST
 Comment

NHS Orkney apologised for the data breach, which it said was caused by “administrative error”.

All of the 51 patients involved have been contacted and the business has deleted the personal data it received.

Hide Ad
Hide Ad

The health board has reported the incident to the Information Commissioner’s Office.

A health board sent coronavirus test results and other personal information on more than 50 patients to a business by mistake. (Credit: Shutterstock)A health board sent coronavirus test results and other personal information on more than 50 patients to a business by mistake. (Credit: Shutterstock)
A health board sent coronavirus test results and other personal information on more than 50 patients to a business by mistake. (Credit: Shutterstock)

Julie Colquhoun, head of corporate services at NHS Orkney, said: “I can confirm that on May 15 data on 51 patients was sent to a local business in error.

“This data comprised patient names, addresses and the results of Covid-19 testing.

“Following investigation it is clear this was an isolated case of administrative error.

“We have written to all the patients affected to make them aware of this incident and apologise to them.

“This has also been reported to the Information Commissioner’s Office.

“NHS Orkney takes the management of patient data extremely seriously and all staff have been reminded of the correct procedures to follow.

“I would like to take this opportunity to apologise again to those people affected.”

Hide Ad
Hide Ad

A spokesman for the Scottish Government said the administration is aware of the data breach.

He added: “All staff and patients involved were subsequently contacted by NHS Orkney to explain the data breach and the recipient organisation has been contacted and has deleted the personal information they received erroneously.

“NHS Orkney has informed the Information Commissioner’s Office of the breach. This was not a cyber-attack but a result of human error.

“NHS Orkney will be fully investigating the incident to understand any failings and what lessons can be learned.

“This incident will be taken through their process to ensure data-handling practices and staff training is reviewed, and process improvements are identified and put into action.

“The Scottish Government takes the data protection rights of the people of Scotland seriously and will do everything in our power to ensure that lessons are learned and this doesn’t happen again.”

A message from the Editor

Thank you for reading this story on our website. While I have your attention, I also have an important request to make of you.

With the coronavirus lockdown having a major impact on many of our advertisers - and consequently the revenue we receive - we are more reliant than ever on you taking out a digital subscription.

Hide Ad
Hide Ad

Subscribe to scotsman.com and enjoy unlimited access to Scottish news and information online and on our app. With a digital subscription, you can read more than 5 articles, see fewer ads, enjoy faster load times, and get access to exclusive newsletters and content. Visit https://www.scotsman.com/subscriptions now to sign up.

Our journalism costs money and we rely on advertising, print and digital revenues to help to support them. By supporting us, we are able to support you in providing trusted, fact-checked content for this website.

Joy Yates

Editorial Director

Related topics:Scottish GovernmentCovid-19
 Comment

Comments

 0 comments

Want to join the conversation? Please or to comment on this article.