Welcome Guest | Login | Register | Why Register? |
Newsletter RSS Twitter
03 September 2010 | 16:12 GMT

E-Health-Insider E-Health Europe E-Health Jobs (UK only) E-Health Insider Events
HOME | CONTACT | NEWS | DOCUMENT LIBRARY | FEATURES | OPINION & ANALYSIS | EVENTS | RESEARCH REPORTS | CASE STUDIES
View reders comments View (3)
comments		 Add a comment Add a
comment		 Send to a friend Send to
a friend		 Print this page Print

Trusts fail to discipline staff over data breaches

Tags: Confidentiality   GP  

12 Sep 2008

NHS managers are failing to take action against staff who are involved in data breaches, according to the GP magazine Pulse.

The magazine says it used the Freedom of Information Act to obtain information about breaches of confidentiality and data losses from 47 NHS organisations.

It found there had been188 reported incidents of staff breaching privacy rules or accessing patient data without authorisation, and 75 reported incidents of staff losing data, since January 2007.

However, it says just 14 of these incidents were followed up with formal disciplinary action, and that this tended to take the form of a verbal or written warning. None of the trusts reported suspending or dismissing staff.

The incidents uncovered included major and well known incidents, such as the theft of a laptop containing the bank details of staff at Royal Cornwall Hospitals NHS Trust. However, most were relatively minor, such as faxes going astray and confidential records being disposed of inappropriately.

A number of trusts also reported staff inappropriately accessing patient records “for purposes not related to healthcare.” Most trusts reported they had simply advised the employees responsible of the correct procedures or sent them for "retraining."

 

© 2008 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.

Reader's Comments
Add a comment
Reader's Comments

1

A balance to be struck

12 Sep 08 09:09

There is surely a balance to be struck here. Many of these minor incidents, such as faxes going astray will have been reported by the staff members responsible. If staff feel that reporting such incidents will lead to severe disciplinary action or even dismissal, there is a strong disincentive to report them, and thus flaws in processes, etc., will not be exposed to management.

On the other hand, there is still reckless behaviour with patient records in some quarters and disciplinary action, and credible threat thereof, should be one of the tools for tackling it.

2

Incorrect data

18 Sep 08 11:09

At my previous trust there were 8 misconduct hearing regarding breaching patient confidentiality and 4 dismissals since 2005

3

Right approach

18 Sep 08 23:09

This seems to me, apart from major breaches (medical students personal data rather recklessly available on the Internet), or plainly unethical (e.g. selling identifiable patient diagnosis date to a drug company).

The policies can be rather unfathomable, and the need for clinical communication so high, that NHS staff will make innocent errors in the pursuit of patient care. Of course it is right that when we make such errors we are told we have made an error, told the right way to do it, and show that we can then adhere to the policy. For example sending an email to the wrong NHS recipient with the same name as the correct NHS recipient should at most result in a rap on the knuckles. Of course repeat offending after warning must be disciplined.

So that no one has been sacked (well actually one person has been within the last month, and that for a trivial error, not a major breach) seems wrong, that many have been talked to or called to a disciplinary seems right.

Search
News Features Jobs Newsletters
EHI Primary Care Tweets
EHI Primary Care Tweets

Past: 24 hrs|7 days|Month

Featured_recruiters
Featured_recruiters
About Us | Advertise | Privacy Policy | Terms & Conditions | RSS Feed
E-Health Insider Primary Care is managed and maintained by E-Health-Media.com ©2010 E-Health-Media Limited.