A woman posing as a nurse entered a hospital ward, helped “care for” a patient and accessed a handover document which detailed information about 14 patients.
The police have been unable to identify the individual or recover the lost data. They say their investigations have been hindered because the hospital’s CCTV was unplugged.
The incident happened at St Andrews Community Hospital on February 1.
NHS Fife said the woman was inside the hospital for a short period of time before being challenged by a nurse.
Data protection watchdog the Information Commissioner’s Office (ICO) said the woman was handed a document containing the personal information of 14 people and assisted with administering care to one patient.
STV NewsThey were able to do this “due to a lack of identification checks and formal processes”, the ICO said.
The CCTV in the hospital had been “accidentally turned off” by a member of staff just before the incident.
The watchdog has reprimanded NHS Fife for what it said were security failings that led to the loss of personal medical data.
Following the incident, the health board introduced new measures such as a system for documents containing patient data to be signed in and out, as well as updated identification processes.
Natasha Longson, ICO head of investigations, said: “Patient data is highly sensitive information and must be handled with the appropriate security. When accessing healthcare and other vital services, people need to trust that their data is secure and only available to authorised individuals.
“Every healthcare organisation should look at this case as a lesson learned and consider their own policies when it comes to security checks and authorised access.
“We are pleased to see NHS Fife has introduced new measures to prevent similar incidents from occurring in the future.”
Scottish Conservatives shadow health secretary Dr Sandesh Gulhane MSP said: “The public will be shocked and appalled that someone was able to brazenly walk into a Scottish hospital, pose as a nurse and steal patients’ sensitive data.
“Worse still, the lack of CCTV makes catching the culprit and retrieving this confidential information so much harder.
“It’s easy to blame staff for failing to prevent this incident happening but the reality is frontline NHS workers are completely overwhelmed due to the failure of the SNP to support frontline services.
“The patients involved have been badly let down and urgent questions remain unanswered over this worrying incident.
“Discredited health secretary Michael Matheson must work closely with NHS Fife and give them the resources they need to ensure patients will never be compromised in this way again.”
The ICO has asked NHS Fife to provide an update on actions taken within six months of the reprimand being issued.
STV NewsA spokesperson for NHS Fife said: “Earlier this year an individual purporting to be a member of agency nursing staff attended St Andrews Community Hospital.
“The individual was only on a ward for a short period of time and left shortly after being challenged by a member of the nursing team.
“While the person was never alone with any patient, they did have access to a handover document containing information relating to patients on the ward.
“NHS Fife and Fife Health and Social Care Partnership, who operate the facility, immediately reported the incident to Police Scotland and also referred the incident to the Information Commissioners Office.
“The patients involved and their families were informed of this breach of security.
“We acknowledge the findings of the Information Commissioners Office, and have apologised to those involved.
“A range of additional measures were put in place shortly after the incident to prevent such a matter from occurring again in future.
“We have since carried out a Significant Adverse Event Review and a working group has been established to implement the recommendations of both the Information Commissioner and the findings of our own review across the entirety of NHS Fife.”
A Police Scotland spokesperson said: “Around 3.40pm on Wednesday, February 1, we received a report of a woman posing as a member of staff at St Andrew’s Community Hospital, St Andrew’s.
“Enquiries have been carried out and nobody has been arrested.”
Follow STV News on WhatsApp
Scan the QR code on your mobile device for all the latest news from around the country
