HYWEL DDA University Health Board has written to a large number of patients, to provide them with information and support after an investigation identified a member of staff had inappropriately accessed electronic hospital records.
The individual, a nurse, has since been dismissed after breaching patient confidentiality and acting outside of their professional code of conduct and the Health Board’s own policies on data protection and information governance. The Health Board says it has also referred the situation to the Information Commissioner for independent investigation.
All patients affected, which include staff members, have been written to and offered the opportunity to discuss the situation with the Health Board through a free helpline number, which can be contacted on 0800 804 8787. Please note it is open between the hours of 5pm and 9pm Monday-Friday and 9am-4pm Saturday and Sunday until Jul 21.
Chief Executive Steve Moore said: “This is a matter that we take extremely seriously and I have written to every patient directly affected to apologise for the actions taken by this individual which go against their own professional code of conduct and health board policies and procedures.
“We are able to reassure people that our review has shown no changes or amendments were made to records. It also produced no evidence that the information has been used by the individual for any purpose other than to view.”
He added: “We understand and acknowledge how distressing this is for those individuals affected, especially for any who may be vulnerable and we have set up a free helpline should they wish to discuss this further with us.”
Members of the Health Board’s management identified the breach late last year and a review took place to establish the extent of the issue. The Health Board has identified areas for improvement and taken action to improve checking access to electronic hospital records and managing performance and supervision to avoid something similar from happening again.
The Health Board has also proactively referred this to the Information Commissioner’s Office to investigate. The Information Commissioner is responsible for upholding rights in the public interest, promoting openness by public bodies and privacy for individuals. It is an independent regulatory office dealing with the Data Protection Act and has its own enforcement rights for any breaches under the Act.
Should the Information Commissioner’s Office determine the access constitutes a breach, they have the power to commence criminal proceedings against the individual. Equally, the Information Commissioner could fine against the Health Board should they consider it failed to take appropriate organisational or technical measures to protect individuals’ personal data.
Mr Moore added: “May I again sincerely apologise that a former member of staff, whilst in a position of trust, has acted in this way. This should not have happened and I know that our own staff, like our Board, will be shocked at this situation, especially our wonderful nurses who hold patient confidentiality at the core of their values. I hope our patients, staff and public will be assured of our ongoing commitment to avoid something like this from happening again.”
If you have not been contacted directly by the health board about this situation then you are unaffected and do not need to take further action. Anyone who has been contacted and who is distressed or has concerns, can contact the free helpline on 0800 804 8787. Please note it is open between the hours of 5pm and 9pm Monday-Friday and 9am-4pm Saturday and Sunday until Jul 21.