More data breaches for the NHS

A Kent NHS Trust has apologised to patients after their records were accessed inappropriately, leading to a police probe into the incident.

Letters have been sent out to patients of the Kent and Medway NHS and Social Care Partnership Trust (KMPT) detailing that a member of staff has been dismissed from their post after accessing records “without a legitimate business reason”.

The letter, sent by the trust’s information governance department at St Michael’s House in Sittingbourne, states: “As an organisation we have become aware of an incident which has occurred involving a junior member of staff inappropriately accessing medical records relating to the name and address of service users through our electronic systems.

“Our investigations into this incident have confirmed that there is no evidence that the individual has used any information they have reviewed for untoward purposes. The records were reviewed out of curiosity rather than with any malice or intent to commit further activity. However this is a very serious incident, and the staff member is no longer working within the organisation.”

The breach has been reported to the Information Commissioner’s Office (ICO), an independent authority set up to promote openness by public bodies and data privacy for individuals. The Information Commissioner may choose to pursue legal action against the former staff member. An ICO spokesman confirmed the incident had been referred to the police.

Contact Solutions4IT for help with your cyber security and compliance.