A ROYAL EDINBURGH NHS Lothian staff member has been suspended after he illegally accessed patient records when it was not deemed part of his normal duties.
Almost 200 patient records were accessed and both men and women have received letters notifying them that their records were part of the breach.
During a routine audit of NHS Lothian’s TRAK administration system a suspicious pattern of use was detected and an investigation was subsequently launched.
Data accessed included information about appointments, waiting lists and dates and locations of inpatient admissions and discharges.
The person also accessed notes that can include the description of any conditions or illnesses the patient may have had that was written by a doctor, nurse of other health professional – including copies of letters that were sent to the general practitioner or patient.
Tracey Gillies, Executive Medical Director signed off letters to the affected staff on Friday February 5.
She wrote: “I am very sorry to inform you that, during a routine monthly audit of staff access to computerised records we identified a member of staff viewed your patient record when it was potentially not part of their normal duties.
“We have a duty to inform you of this and assure you that we regard this very seriously.
“The member of staff was being dealt with through the appropriate disciplinary procedure in NHS Lothian.
“Due to the seriousness with which we view any breach of patient confidentiality, this matter has also been reported to the Police, the Information Commissioner’s Office and the staff members regulatory body.”
One of the nurses affected by the breach spoke exclusively to SWD Media but wishes to remain anonymous.
The nurse said: “What was their motivation? Did they want to find out my address, perhaps to blackmail me or even watch me?
“I’m furious that this has happened and I feel violated.”
The psychological effects are clear when a previous patient at the psychiatric hospital said that he felt the breach of confidentiality “represented a kind of mind rape”.
He added: “It’s possible that he has stolen things that I haven’t even told my mother.
“He is carrying these secrets in his head and in my opinion its no different to a rapist or murder taking a trophy such as an item of jewellery, clothing or even a body part.”
Speaking today, Dr Tracey Gillies, Medical Director for NHS Lothian, said: “NHS Lothian has become aware that a member of staff may have inappropriately accessed staff records. We swiftly started an enquiry into this matter and as part of this investigation we are contacting anyone whose records have been accessed.
“NHS Lothian takes incidents like this extremely seriously and we have written to offer our sincere apologies to those affected. The breach was picked up by our Fair Warning system, which is an e-health monitoring system. Our robust monitoring identified this activity and it was reported to Police Scotland as soon as we became aware of the breach.
“We will continue to work closely with Police Scotland and the Scottish Information Commissioner to resolve this matter. As this is now a police matter, we are unable to offer any further comment.”
A Police Scotland spokeswoman said: “Officers in Edinburgh received a report around 2.35pm on Tuesday 2, February, of data protection offences by a member NHS staff at the Royal Edinburgh Hospital.
“Enquiries into the incident are ongoing.”
In 2019 a nurse working at the Royal Infirmary of Edinburgh was sacked after it was discovered she accessed 28 patient records without clinical justification including that of her friend and a neighbour.
Judith Naughton was handed a four month suspension by the Nursing and Midwifery Council after she admitted the data breaches and it was judged her fitness to practise was impaired.
