Skip to main content

Data protection laws violated 634 times by NHS staff

NHS workers in Scotland have continually violated data protection controls over the past three years with over 500 instances of abuse of the system recorded in that timeframe including an image of a patient posted onto Facebook.

An investigation by Big Brother Watch found that there have been 634 data protection breaches in the last three years including everything from covert filming of staff, loss of patient case files and photographing of case files to the misuse of social media.

"It is clearly unacceptable that health staff in Scotland have thought that they could post such ­confidential details on social media and disclose them to third parties,” said Emma Carr, director of Big Brother Watch, according to Herald Scotland. "Urgent action is [therefore] needed to ensure that medical records are kept safe and the worst data breaches are taken seriously, including the introduction of greater penalties for those who abuse that access. This should include the threat of jail time and a criminal record."

Of the data protection violations identified in the report, 12 resulted in an employee’s resignation including the instance that saw a photograph of a patient uploaded onto a Facebook account.

Tony Pepper, CEO at encryption solution provider Egress, explained that people are still failing to heed the advice that sharing information on social media sites is just as damaging as any other medium.

“For some reason, while it seems obvious that you should not share sensitive information on social media, people ignore the fact it is just as bad to be sharing sensitive information unprotected in any form. Whether it’s through an online web form, a cloud-based collaboration platform, a large file sharing drive, or a common or garden email, sensitive data – particularly personal information relating to people’s health – needs to be encrypted and protected,” Pepper said.

With the NHS in the process of implementing a plan to allow unfettered online access to patient records from next year, data protection violations like this don’t make easy reading for those behind the plan.

Image Credit: Flickr (Ted Eytan)