HYWEL DDA UHB has written to around 3,000 patients after an internal investigation revealed that a former nurse had inappropriately accessed electronic hospital records.
The individual, who cannot be named as they are currently the subject of an investigation by the Information Commissioner, worked as a nurse at Glangwili Hospital, but the records accessed cover the whole of the Hywel Dda UHB area.
The nurse has since been dismissed for breaching patient confidentiality and acting outside of their professional code of conduct and the Health Board’s own policies on data protection and information governance.
All patients affected, which include staff members, have been written to and offered the opportunity to discuss the situation with the Health Board through a free helpline number, which can be contacted on 0800 804 8787.
In a media briefing held on Thursday (Jul 7), Hywel Dda UHB Chief Executive, Steve Moore, said that the breach was initially identified at the end of last year after a fellow staff member raised concerns, but the information was not made public until all those affected had been identified and informed.
Mr Moore said: “This is a matter that we take extremely seriously and I have written to every patient directly affected to apologise for the actions taken by this individual which go against their own professional code of conduct and health board policies and procedures.
“We are able to reassure people that our review has shown no changes or amendments were made to records. It also produced no evidence that the information has been used by the individual for any purpose other than to view.”
He added: “We understand and acknowledge how distressing this is for those individuals affected, especially for any who may be vulnerable and we have set up a free helpline should they wish to discuss this further with us.”
The Health Board has identified areas for improvement and taken action to improve checking access to electronic hospital records and managing performance and supervision to avoid something similar from happening again.
An electronic system which will provide a more efficient way of checking access has been introduced. The National Intelligent Integrated Auditing System (NIIAS) is licensed for use by all health boards.
Mr Moore said that it was ‘difficult to speculate’ about why the individual concerned accessed the records, but acknowledged that, although the records accessed did not relate to any specific ward or diagnosis, the selection was ‘not entirely random’.
The Health Board has also proactively referred this to the Information Commissioner’s Office to investigate. The Information Commissioner is responsible for upholding rights in the public interest, promoting openness by public bodies and privacy for individuals. It is an independent regulatory office dealing with the Data Protection Act and has its own enforcement rights for any breaches under the Act.
Should the Information Commissioner’s Office determine the access constitutes a breach, they have the power to commence criminal proceedings against the individual. Equally, the Information Commissioner could fine against the Health Board should they consider it failed to take appropriate organisational or technical measures to protect individuals’ personal data.
The individual responsible has been referred to the Nursing and Midwifery Council, who will decide what further action should be taken.
Mr Moore added: “May I again sincerely apologise that a former member of staff, whilst in a position of trust, has acted in this way. This should not have happened and I know that our own staff, like our Board, will be shocked at this situation, especially our wonderful nurses who hold patient confidentiality at the core of their values. I hope our patients, staff and public will be assured of our on-going commitment to avoid something like this from happening again.”
Medical Director, Dr Philip Kloer, said that he was ‘extremely disappointed’ by the news, but stressed that this incident was not in any way representative of Hywel Dda’s staff. He described the breach as ‘unprecedented’, adding that the health board had dealt with breaches before, but nothing on this scale.
Dr Kloer also acknowledged that the audit had only been able to access data going back to 2013, and that the nurse in question was a ‘permanent employee who has been working for us for a number of years’.
Hywel Dda UHB has emphasised that if people have not been contacted directly by the health board about this situation then they are unaffected and do not need to take further action. Anyone who has been contacted and who is distressed or has concerns, can contact the free helpline on 0800 804 8787. Please note it is open between the hours of 5pm and 9pm Monday- Friday and 9am-4pm Saturday and Sunday until July 21.
Add Comment