One member of staff sacked and another reprimanded after data breaches at Northampton General Hospital

editorial image

ONE member of staff was sacked and another severely reprimanded for accessing details of Northampton General Hospital patients they were not treating, a new report reveals.

The report on data breaches at NGH in 2011, said measures were now in place to guard against information falling into the wrong hands, but warned potential harm could have been caused several times last year.

The hospital said on one occasion, a member of staff accessed the record of “an acquaintance” who was also a patient then told them they now knew their personal information, including contact details.

The hospital was tipped off by a third party and the subsequent investigation later found the access was unauthorised, and the staff member was dismissed. On a separate occasion, a member of staff viewed a family member’s clinical information that was held on computer.

The breach was identified by the team in which the member of staff works and was reported. They openly admitted the access when confronted, disciplinary action was taken and the individual was given a final written warning.

A hospital spokesman said: “NGH will always take action of this kind against anyone who misuses patient information. In particular, staff members with access to records are in a position of public trust, which must not be abused.”

The latest NGH board papers said the breaches could not be described as “serious”, which could result in fines from the Information Commissioner of up to £500,000, but were “of concern”. In that category were also a number of incidents where patients’ details on nurse’s handover sheets were apparently found in “inappropriate locations” and “not appropriately disposed of”.

The report adds: “If these were found by a member of the public it would constitute a clear breach of the Data Protection Act, which may be reportable to the Information Commissioners Office (ICO).”

NGH has said it has now begun a project to encrypt all portable devices, including computer memory sticks.