Advertisement

Bogus NHS nurse who stole hospital medical records still not identified

NHS Fife sign on side of lorry, Scotland, UK
NHS Fife sign on side of lorry, Scotland, UK

A person who posed as a nurse and stole medical records from a Scottish hospital has yet to be identified nine months after the security breach.

NHS Fife has been reprimanded after the bogus nurse assisted staff with the care of a patient at St Andrews Community Hospital in February.

The individual left with paperwork containing personal information relating to 14 patients. The documents, known as SBAR (Situation, Background, Assessment, Recommendation), which included personal identifiers and special health category data remain missing.

A report by the Information Commissioner’s Office (ICO) said a police investigation has been hindered by a lack of CCTV footage, because cameras were accidentally switched off by a staff member.

The watchdog said the unauthorised person gained access to the ward and then, “due to a lack of identification checks and formal processes”, they “assisted with administering care to one patient” and were handed a document containing the personal information of 14 people.

The ICO said: “The data was taken off site by the person and has not been recovered. While the hospital had CCTV installed, the wall socket with the CCTV had been accidentally turned off by a member of staff prior to the incident.

“The police have not been able to identify the person or recover the lost data, hindered by the lack of CCTV footage.”

‘Highly sensitive information’

The watchdog’s investigation found NHS Fife failed to have appropriate security measures for personal information, as well as low staff training rates.

Following the incident, NHS Fife introduced new measures including a sign in and out system for documents containing patient data, and updated identification processes.

Natasha Longson, ICO head of investigations, said: “Patient data is highly sensitive information and must be handled with the appropriate security. When accessing healthcare and other vital services, people need to trust that their data is secure and only available to authorised individuals.

“Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to security checks and authorised access. We are pleased to see NHS Fife has introduced new measures to prevent similar incidents from occurring in the future.”

NHS Fife ‘apologised to those involved’

A NHS Fife spokesperson said: “Earlier this year, an individual purporting to be a member of agency nursing staff attended St Andrews Community Hospital.

“The individual was only on a ward for a short period of time and left shortly after being challenged by a member of the nursing team. While the person was never alone with any patient, they did have access to a handover document containing information relating to patients on the ward.

“NHS Fife and Fife Health and Social Care Partnership, who operate the facility, immediately reported the incident to Police Scotland and also referred the incident to the Information Commissioner’s Office.

“The patients involved and their families were informed of this breach of security. We acknowledge the findings of the Information Commissioner’s Office, and have apologised to those involved.”

The health board said measures have been put in place to prevent a recurrence and a significant adverse event review has been held, with a group established to implement the recommendations of the commissioner and the review.

Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month, then enjoy 1 year for just $9 with our US-exclusive offer.