NHS staff are revealing highly sensitive information up to five times a week by posting messages about patients on Facebook, discussing their illnesses in public or losing their medical files.
The news was relayed in a shock-horror Daily Mail expose, but was derived from a Freedom of Information request submitted by pressure group, Big Brother Watch.
It revealed that, in the last 12 months, doctors, nurses and admin workers have breached patients’ confidentiality some 802 times – and nearly half of the hospitals and NHS trusts questioned admitted there had been at least one such breach in the last year.
Of the 350 hospitals and NHS Trusts that responded to the FoI request, 152 acknowledged they had experienced at least one privacy breach over the past 12 months too. In at least 23 cases, staff had openly discussed patients with colleagues, friends and family on social media websites such as Facebook.
In one incident, a medical worker at Nottingham University Hospital took a picture of a patient in bed and circulated it on the social networking site. There were also 91 further incidents where NHS staff admitted to snooping through the medical files of their own colleagues.
More common
One NHS manager even admitted looking through the medical files of family, friends and colleagues 431 times out of alleged ‘idle curiosity’. That individual, a data quality manager at Hull Primary Care Trust, has since been sacked and given a six-month suspended jail sentence. But that was a rarity: in total, only 102 staff were fired in relation to the security breaches.
There were also another 57 cases where medical notes, computer discs or laptops containing highly personal information were left lying around in public places or were lost or stolen.
Unsurprisingly, Big Brother Watch warned that the NHS was not doing enough to protect patient data, adding that such incidents were likely to become far more common as higher numbers of NHS staff gained access to confidential patient notes following the introduction of the Summary Care Records system.
Health Minister Simon Burns said: “It is completely unacceptable for staff with no involvement in providing or supporting care to access confidential patient information. Patients have a right to expect that their personal medical information is kept private.”
The Department of Health had issued clear standards and guidance to the NHS about what needed to be done to keep patient records secure and confidential and individual organisations were responsible for ensuring that staff understood and followed that guidance, he added.
“Any member of staff discovered intentionally breaching this should be subject to appropriate disciplinary action. Access to electronic records can be tracked and audited, so that any abuse can be traced and dealt with,” Burns said.
