Belfast Telegraph

NHS patient's medical data displayed to students... and 79 other blunders

By Adrian Rutherford

A patient's private medical details were shown to 50 students in one of the worst breaches of confidentiality in our health service.

The person's name and condition were mistakenly included on a slide displayed during a lecture at Queen's University.

It was one of dozens of serious breaches of the Data Protection Act by Northern Ireland health trusts detailed in a new report.

Research by privacy campaign group Big Brother Watch found at least 7,255 data breaches by health bodies across the United Kingdom in the last four years - around six a day.

At least 79 occurred in Northern Ireland, including the incident at Queen's.

Other local examples include:

  • A waste bag dumped at the back of a trust facility split open, showing medicines and patients' names.
  • A member of agency staff abused his IT access privileges to reset a password for the sole purpose of reading a private email.
  • Records dating back to the 1990s were found in an unlocked filing cabinet left at a former contact centre.
  • Claims that a member of staff wrongly gained access to a patient's hospital test results.
  • And five pages of personal patient information were found in a multi-storey car park.

Emma Carr, director of Big Brother Watch, said the scale of the data breaches was unacceptable.

"The information held in medical records is of huge personal significance and for details to be wrongly disclosed, maliciously accessed or lost is completely unacceptable," she said.

"With an increasing number of people having access to patients' information, the threat of data breaches will only get worse.

"Urgent action is therefore needed to ensure that medical records are kept safe and the worst data breaches are taken seriously."

Ms Carr called for greater penalties, including the threat of jail and a criminal record for those who abuse confidentiality.

A synopsis of the incident at Queen's, detailed in today's report states: "A staff member inadvertently included a patient's name and medical condition in a training slide to 40-50 QUB students during a lecture."

Across the UK there were 7,255 data breaches between 2011 and April this year.

These include at least 50 cases of data being posted on social media and 143 incidents of data being accessed for personal reasons.

Another 103 cases related to data being stolen or lost, while there were 236 incidents of information being shared inappropriately.

Today's report claims the Data Protection Act 1998 has a number of flaws that must be corrected.

Among the criticisms is that the Act does little to discourage people from breaking the law on data protection.

The Information Commissioner's Office states that health records are "extremely personal and sensitive" and can only be accessed by a registered health professional.


Key findings of today's report:

  • There have been at least 7,255 breaches in UK health trusts between April 2011 and April 2014, including 79 here in Northern Ireland • Nationally, these include at least 50 instances of data being posted on social media, 143 instances of data being accessed for "personal reasons" and 124 instances of cases relating to IT systems
  • Another 103 instances of data loss or theft took place, while there were 115 instances of staff accessing their own records

Belfast Telegraph


From Belfast Telegraph